How severe is CVE-2023-34465?

This vulnerability has a severity rating of HIGH with a CVSS score of 8.1 out of 10.

What type of vulnerability is CVE-2023-34465?

This is classified as CWE-269, which is a common weakness in software security.

CVE-2023-34465 - HIGH Severity | CVSS 8.1

Vulnerability Description

XWiki Platform is a generic wiki platform. Starting in version 11.8-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.2, `Mail.MailConfig` can be edited by any logged-in user by default. Consequently, they can change the mail obfuscation configuration and view and edit the mail sending configuration, including the smtp domain name and credentials. The problem has been patched in XWiki 14.4.8, 14.10.6, and 15.1. As a workaround, the rights of the `Mail.MailConfig` page can be manually updated so that only a set of trusted users can view, edit and delete it (e.g., the `XWiki.XWikiAdminGroup` group).

Related Vulnerabilities

CVE-2017-1000241

HIGH

CVSS:8.1(High)

The application OpenEMR version 5.0.0, 5.0.1-dev and prior is affected by vertical privilege escalation vulnerability. This vulnerability can allow an authenticated non-administrator users to view and...

CWE-2692017

CVE-2017-15055

HIGH

CVSS:8.1(High)

TeamPass before 2.1.27.9 does not properly enforce item access control when requesting items.queries.php. It is then possible to copy any arbitrary item into a directory controlled by the attacker, ed...

CWE-2692017

CVE-2017-18884

HIGH

CVSS:8.1(High)

An issue was discovered in Mattermost Server before 4.3.0, 4.2.1, and 4.1.2. It allows attackers to gain privileges by using a registered OAuth application with personal access tokens.

CWE-2692017

CVE-2017-9940

HIGH

CVSS:8.1(High)

A vulnerability was discovered in Siemens SiPass integrated (All versions before V2.70) that could allow an attacker with access to a low-privileged user account to read or write files on the file sys...

CWE-2692017

CVE-2018-16266

HIGH

CVSS:8.1(High)

The Enlightenment system service in Tizen allows an unprivileged process to fully control or capture windows, due to improper D-Bus security policy configurations. This affects Tizen before 5.0 M1, an...

CWE-2692018

CVE-2018-16267

HIGH

CVSS:8.1(High)

The system-popup system service in Tizen allows an unprivileged process to perform popup-related system actions, due to improper D-Bus security policy configurations. Such actions include the triggeri...

CWE-2692018