CVE-2023-50719: 
Java vulnerability analysis and mitigation

The Solr-based search in XWiki Platform, a generic wiki platform, contains a vulnerability (CVE-2023-50719) that was introduced in version 7.2-milestone-2 and affects versions prior to 14.10.15, 15.5.2, and 15.7-rc-1. The vulnerability allows anyone with view rights on user profiles to access password hashes of all users, with user profiles being public by default (GitHub Advisory).

The vulnerability exists in the Solr search functionality where password hashes are improperly indexed and exposed through the search interface. By default, passwords in XWiki are salted and hashed with SHA-512. The issue can be reproduced by searching for 'propertyvalue:?* AND reference:*.password' and deselecting the 'Document' property under 'Result type' in the search refinement widget. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (GitHub Advisory).

The vulnerability exposes password hashes of all users, enabling potential offline password cracking attacks, particularly against weak passwords. Additionally, the vulnerability affects configurations used by extensions that contain passwords like API keys, which are normally inaccessible but become exposed in plain text through this vulnerability. This impacts both wikis using local authentication and those using external authentication mechanisms (GitHub Advisory).

The vulnerability has been patched in XWiki versions 14.10.15, 15.5.2, and 15.7RC1. The fix was implemented as part of patching another vulnerability (GHSA-2grh-gr37-2283), specifically in the part that changes the indexing of single properties to use the same code as the main document for getting the property's value. There are no known workarounds apart from upgrading to a fixed version (GitHub Advisory).