CVE-2023-29208

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-29208
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-29208.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-29208
Aliases
Published
2023-04-15T15:52:47.431Z
Modified
2025-12-09T12:04:01.195160Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
Data leak through deleted documents
Details

XWiki Commons are technical libraries common to several other top-level XWiki projects. Rights added to a document are not taken into account for viewing it once it has been deleted. Note that this vulnerability only impacts deleted documents that contained view rights: the view rights set on the space of a deleted document are properly checked. The problem has been patched in XWiki 14.10 by checking the rights of the current user: only admins and the deleter of the document are allowed to view it.

Database specific
{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/29xxx/CVE-2023-29208.json",
    "cwe_ids": [
        "CWE-668"
    ]
}
References

Affected packages

Git / github.com/xwiki/xwiki-commons

Affected ranges

Type
GIT
Repo
https://github.com/xwiki/xwiki-commons
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-29208.json"

Git / github.com/xwiki/xwiki-platform

Affected ranges

Type
GIT
Repo
https://github.com/xwiki/xwiki-platform
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

xwiki-application-calendar-1.*

xwiki-application-calendar-1.0

xwiki-platform-7.*

xwiki-platform-7.3-milestone-2
xwiki-platform-7.4-milestone-1
xwiki-platform-7.4-milestone-2

xwiki-platform-8.*

xwiki-platform-8.0-milestone-1
xwiki-platform-8.0-milestone-2
xwiki-platform-8.1-milestone-1
xwiki-platform-8.1-milestone-2
xwiki-platform-8.2-milestone-1
xwiki-platform-8.2-milestone-2
xwiki-platform-8.3-milestone-1

xwiki-platform-9.*

xwiki-platform-9.9-rc-2

xwiki-plugin-tag-1.*

xwiki-plugin-tag-1.1

Database specific

vanir_signatures

[
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "restoreBatch",
            "file": "xwiki-platform-core/xwiki-platform-oldcore/src/test/java/com/xpn/xwiki/web/UndeleteActionTest.java"
        },
        "digest": {
            "function_hash": "268396365578928620117159424463168818548",
            "length": 828.0
        },
        "signature_type": "Function",
        "source": "https://github.com/xwiki/xwiki-platform/commit/d9e947559077e947315bf700c5703dfc7dd8a8d7",
        "id": "CVE-2023-29208-07a6568c"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "canUndelete",
            "file": "xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/api/DeletedDocument.java"
        },
        "digest": {
            "function_hash": "184548495796387772605323694189723958732",
            "length": 409.0
        },
        "signature_type": "Function",
        "source": "https://github.com/xwiki/xwiki-platform/commit/d9e947559077e947315bf700c5703dfc7dd8a8d7",
        "id": "CVE-2023-29208-236e5ed7"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "xwiki-platform-core/xwiki-platform-oldcore/src/test/java/com/xpn/xwiki/web/UndeleteActionTest.java"
        },
        "digest": {
            "line_hashes": [
                "246097114900754658752519489077218175430",
                "335872549338896771470120787454975773626",
                "31011983221659513038913872202408100318",
                "82612591964064029862014303428398872789",
                "206303222257263162990435340345034505668",
                "37217006672489366403476269020181999937",
                "35836628625176952037121722887043805007",
                "75298243591450928077430391360846550570",
                "162309320780135278324611088585289113948",
                "340080327477876897920013313290531388213",
                "33774176492171122355706066235166733419",
                "307306887957211234632785525120273340620",
                "307368822171821422068993011098587176093",
                "237553326703390942724477027517225730508",
                "159138649621946612726435151713196589294",
                "218434008053499325889412878666181240662",
                "162538331360142326324394548397517943295",
                "242914572760460107044977677394040362763",
                "53099377923236976515942930791276109358",
                "251553616259431158495036699950534320003",
                "183885505982894883177450562531910684910",
                "192974838257371205527343946528269914425",
                "3434798899299786142502790681986524407",
                "29026015056955703656608973905763343801",
                "275069004255481937638269059956058377520",
                "47871916869007591515252084936788993900"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/xwiki/xwiki-platform/commit/d9e947559077e947315bf700c5703dfc7dd8a8d7",
        "id": "CVE-2023-29208-3418d8eb"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "restoreSingleDocumentWhenDeleter",
            "file": "xwiki-platform-core/xwiki-platform-oldcore/src/test/java/com/xpn/xwiki/web/UndeleteActionTest.java"
        },
        "digest": {
            "function_hash": "327164345221123363966844301870778584219",
            "length": 505.0
        },
        "signature_type": "Function",
        "source": "https://github.com/xwiki/xwiki-platform/commit/d9e947559077e947315bf700c5703dfc7dd8a8d7",
        "id": "CVE-2023-29208-3b7eca3c"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/store/XWikiHibernateRecycleBinStore.java"
        },
        "digest": {
            "line_hashes": [
                "174679156295890974878445183688129665213",
                "69747837239740238465300245601788373776",
                "289900251353248735966591163580945697536",
                "12901664830229388421136910539335015149",
                "54314056032085064638214484862515502562",
                "64108325079003217232483727990335201209",
                "306623289703726869774364026810536370256",
                "301376181727367233987779230475091927628",
                "288433286997992912633800042347895582223",
                "332477903201399218605647285641449225394",
                "221206821167323603520215677019635269171",
                "139296589966863314012513522001154404228",
                "168557094365882952474537552329153611225",
                "173450704918556177747057921088220716354"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/xwiki/xwiki-platform/commit/d9e947559077e947315bf700c5703dfc7dd8a8d7",
        "id": "CVE-2023-29208-40a70393"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/web/XWikiAction.java"
        },
        "digest": {
            "line_hashes": [
                "230257459069046672821212339713682852360",
                "267703675007858652889288169602158231896",
                "91606898226458897838869601899855073572",
                "263615267190564500058803756761096973427",
                "253520328691642263855936041690301680991",
                "156218680364956680156122982322658589435",
                "276980986231815557109992771404547654276",
                "86111529566750268780331638125440570544",
                "76406572421196615171642892192870295284",
                "70231009294712724720172914373160086041",
                "312322903517384688385118734893774379813",
                "87179125125541845269921645812958195324",
                "260785919207012976013985480807944347473",
                "320506973587807903522498946486031078507",
                "135581809618373989815239191285493574376",
                "255774435830659650875782246418009846472",
                "146980257493628833980242927731597095489",
                "171932818166380003631322968651395695947",
                "283393229236996772396224133248622343012",
                "22472101118550493113344527616207363130",
                "334406242701606981921655750051270140900",
                "236686149142682426071043321224327145724",
                "99563093824460839205916158013911449635",
                "98345971591548002116659546351420397224",
                "295154978827609317432935569708868424473",
                "90564551122493817823017907514529711894"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/xwiki/xwiki-platform/commit/d9e947559077e947315bf700c5703dfc7dd8a8d7",
        "id": "CVE-2023-29208-589aef68"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "restoreSingleDocument",
            "file": "xwiki-platform-core/xwiki-platform-oldcore/src/test/java/com/xpn/xwiki/web/UndeleteActionTest.java"
        },
        "digest": {
            "function_hash": "249854333728012624615215069536795713958",
            "length": 523.0
        },
        "signature_type": "Function",
        "source": "https://github.com/xwiki/xwiki-platform/commit/d9e947559077e947315bf700c5703dfc7dd8a8d7",
        "id": "CVE-2023-29208-5ee2a6c8"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/internal/doc/DefaultDocumentRevisionProvider.java"
        },
        "digest": {
            "line_hashes": [
                "116709292272971147078577775450400848358",
                "265641574625389656839688795827802299726",
                "50335226406573994680360405832834398243",
                "65462283298194521230002648106996204052",
                "97512892953079112179360095553335951053",
                "181132808302566319681764432009453300989",
                "45340760136245804664058123005015417155",
                "60881593880596191017728427010993796765",
                "173824826987484773247893435621900943291",
                "141629142902335602635631123974896163935",
                "231577095759661818935328842238042475413",
                "27831874475459830911717426154709112930",
                "89283310568724743889221786383843559041",
                "93805600082951147488092219981406875535",
                "155724019203801298997477253169673465777",
                "172711553423794221045841569615588702888",
                "68462133036935983723268692052188096136",
                "61930342884777226450424055762068939327",
                "310198062390705786674534516125883947972",
                "185678820054328518669717194711850426191",
                "143352149971779697062411054888336929744",
                "129454005747369725323063637503493644400",
                "303049811179165239418407033955638868247",
                "239454692345672840392683313382283009334"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/xwiki/xwiki-platform/commit/d9e947559077e947315bf700c5703dfc7dd8a8d7",
        "id": "CVE-2023-29208-61edf802"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/api/DeletedDocument.java"
        },
        "digest": {
            "line_hashes": [
                "287439469808164717246807926383172544678",
                "125103563737646572183055714173860502544",
                "67485926337296409754329901083377387061",
                "300815737129838008546974199303400578938",
                "82815811075748901952208868291127154254",
                "243405804895927496785470334497528864717",
                "75317670564698796048045560058562293355",
                "82195242384876877553819804001574023158",
                "169695734340840406725697082927836466006",
                "114601162890372216923847491392589591797",
                "133204499238129587803442255462525492222",
                "131193205115111507498498485940662063548",
                "295657703983651584165831040148227443777",
                "56556497684046204994412898700316534333",
                "320308701256962271116141597678424144748",
                "100126220747556911289285021405568145772",
                "51564792492935294992014125314889215630",
                "268285275935805702195363397967806743326",
                "31846801967035771960540834592250625928",
                "319180246373650573626955590533731151338",
                "284208695316126353991682541548126425719",
                "29478875277271140983369616272630342022",
                "47289604194271975013456989603225870274",
                "336168815957244935533023209731924585448",
                "243744226421581719548852886948383053172",
                "171945847730191649162121407342571423404",
                "150929044248763635194235425311991812983",
                "105151794950828484708710799259966273528",
                "222643914115785995852008717041132390962"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/xwiki/xwiki-platform/commit/d9e947559077e947315bf700c5703dfc7dd8a8d7",
        "id": "CVE-2023-29208-792ed198"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/doc/XWikiDeletedDocument.java"
        },
        "digest": {
            "line_hashes": [
                "312396165010405964949296827013785335276",
                "158537227795653139103115418143016211920",
                "170623347430208393126238960937536424695",
                "257038847563946360636926813256553415891",
                "263187879865839440387520882082720259720",
                "180789650008256391461047783811322159802"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/xwiki/xwiki-platform/commit/d9e947559077e947315bf700c5703dfc7dd8a8d7",
        "id": "CVE-2023-29208-834ec297"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "getRevision",
            "file": "xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/internal/doc/DefaultDocumentRevisionProvider.java"
        },
        "digest": {
            "function_hash": "208547313835656039963120959157777787655",
            "length": 729.0
        },
        "signature_type": "Function",
        "source": "https://github.com/xwiki/xwiki-platform/commit/d9e947559077e947315bf700c5703dfc7dd8a8d7",
        "id": "CVE-2023-29208-8b3c3c6f"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "handleRevision",
            "file": "xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/web/XWikiAction.java"
        },
        "digest": {
            "function_hash": "281866832371938918879860471258027081795",
            "length": 931.0
        },
        "signature_type": "Function",
        "source": "https://github.com/xwiki/xwiki-platform/commit/d9e947559077e947315bf700c5703dfc7dd8a8d7",
        "id": "CVE-2023-29208-8c64b804"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/store/XWikiRecycleBinStoreInterface.java"
        },
        "digest": {
            "line_hashes": [
                "278448956116583570666927147392192114026",
                "158546680990322960231350302113708550166",
                "158785911834146896972763851015334175689",
                "16975111047142733633030744960548821283",
                "266625827610464052580409087431950768937"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/xwiki/xwiki-platform/commit/d9e947559077e947315bf700c5703dfc7dd8a8d7",
        "id": "CVE-2023-29208-8ddfe1ad"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "beforeEach",
            "file": "xwiki-platform-core/xwiki-platform-oldcore/src/test/java/com/xpn/xwiki/web/UndeleteActionTest.java"
        },
        "digest": {
            "function_hash": "2991997594903200068997186062152268412",
            "length": 1307.0
        },
        "signature_type": "Function",
        "source": "https://github.com/xwiki/xwiki-platform/commit/d9e947559077e947315bf700c5703dfc7dd8a8d7",
        "id": "CVE-2023-29208-b85c0a46"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "showBatch",
            "file": "xwiki-platform-core/xwiki-platform-oldcore/src/test/java/com/xpn/xwiki/web/UndeleteActionTest.java"
        },
        "digest": {
            "function_hash": "305661300042266737365798426721337305406",
            "length": 517.0
        },
        "signature_type": "Function",
        "source": "https://github.com/xwiki/xwiki-platform/commit/d9e947559077e947315bf700c5703dfc7dd8a8d7",
        "id": "CVE-2023-29208-bc4a1eb1"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/internal/doc/DeletedDocumentRevisionProvider.java"
        },
        "digest": {
            "line_hashes": [
                "91651771466156906169643621127457991197",
                "269431475859571584333685756042655772987",
                "186569833758503285341756814538950046294",
                "263297458560254638832107098391755072729",
                "141954000153054880183412338282164619434",
                "221098333954084600835782838181252955025",
                "260381068005800463657315691064626557979",
                "25152539142353555671359867121825409950",
                "158033808218914376450658054364668465033"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/xwiki/xwiki-platform/commit/d9e947559077e947315bf700c5703dfc7dd8a8d7",
        "id": "CVE-2023-29208-cf0e2b54"
    },
    {
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "file": "xwiki-platform-core/xwiki-platform-oldcore/src/main/java/com/xpn/xwiki/doc/DocumentRevisionProvider.java"
        },
        "digest": {
            "line_hashes": [
                "24096782343910542074867112554129615715",
                "317270577940773085197690420753696421634",
                "97103386792068553423743508091635065734",
                "272629773391576040621100431115696325691",
                "32616793398603969240186748508174121745"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/xwiki/xwiki-platform/commit/d9e947559077e947315bf700c5703dfc7dd8a8d7",
        "id": "CVE-2023-29208-f18f07f9"
    }
]

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-29208.json"