CVE-2023-38509: 
Java vulnerability analysis and mitigation

XWiki Platform, a generic wiki platform, contains a vulnerability in org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1. The vulnerability relates to email address obfuscation configuration not being fully enforced, allowing obfuscated emails to be exposed (GitHub Advisory).

The vulnerability has been assigned CVE-2023-38509 with a CVSS v3.1 base score of 4.3 (Moderate) and vector string CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N. The issue is classified as CWE-402 (Transmission of Private Resources into a New Sphere). The vulnerability allows sorting and potential exposure of obfuscated email addresses in the platform's livetable component (GitHub Advisory, NVD).

The vulnerability compromises the email address obfuscation feature, potentially exposing user email addresses that were intended to be hidden. This affects the confidentiality of user data, particularly in scenarios where email addresses should remain protected (GitHub Advisory).

The vulnerability has been patched in XWiki versions 14.10.9 and 15.3-rc-1. As a workaround, users can modify the page XWiki.LiveTableResultsMacros following the patch provided in the fix (GitHub Advisory).