Exposure of Sensitive Information Through Data Queries in XWiki platform - CVE-2021-32732


Published: February 4, 2022 / Updated: May 5, 2026


Vulnerability identifier: #VU130035
CSH Severity: Medium
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-32732
CWE-ID: CWE-202
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software:
XWiki platform
Software vendor:
XWiki

Description

The vulnerability allows a remote, unauthenticated attacker to enumerate user accounts and the usernames tied to a given email address.

The vulnerability exists because the Forgot Username form returns a response whose content depends on whether the submitted email address matches one or more user accounts. A remote attacker can submit crafted requests to the forgot username page with chosen email addresses and infer account information from the differing responses.

Each probe reveals whether an account exists for the given email address and, where one does, which username or usernames are registered with it. Because the form is reachable without authentication, it can be used to build a list of valid accounts for follow-up attacks such as password guessing or targeted phishing.
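The following is an added illustration, not XWiki's own code: a minimal "forgot username" handler in the vulnerable shape described above next to a hardened version that answers every request identically and delivers the username list only to the mailbox that owns the address. The user table, addresses, message strings, and the Outbox stand-in for the mail sender are all constructed for this example.

```python
# Added example (not XWiki project code): the user-enumeration defect
# described for CVE-2021-32732, beside a hardened handler.
from dataclasses import dataclass, field

# Constructed sample data. Two accounts share one address, since a wiki
# need not enforce unique email addresses per user.
USERS = {
    "alice": "alice@example.invalid",
    "bob": "shared@example.invalid",
    "carol": "shared@example.invalid",
}


def usernames_for(email: str) -> list:
    """Return all usernames registered with the given address (case-insensitive)."""
    wanted = email.strip().lower()
    return sorted(u for u, e in USERS.items() if e.lower() == wanted)


def forgot_username_vulnerable(email: str) -> str:
    """Vulnerable pattern: the HTTP response itself encodes the lookup result.

    An unauthenticated caller learns whether the address is registered and,
    if so, exactly which usernames belong to it.
    """
    names = usernames_for(email)
    if not names:
        return "No user is registered with this email address."
    return "Username(s) for this address: " + ", ".join(names)


@dataclass
class Outbox:
    """Stand-in for the mail sender; the hardened handler writes here."""
    sent: list = field(default_factory=list)


def forgot_username_hardened(email: str, outbox: Outbox) -> str:
    """Hardened pattern: the response is the same for every input.

    The username list is sent only to the address itself, so the only
    party that can read it is whoever controls that mailbox.
    """
    names = usernames_for(email)
    if names:
        outbox.sent.append((email, "Your username(s): " + ", ".join(names)))
    return "If this address is registered, an email with the username(s) has been sent."


def probe(handler, candidates: list) -> dict:
    """Attacker's view: submit each candidate address and record the reply."""
    return {c: handler(c) for c in candidates}


def is_enumerable(handler, candidates: list) -> bool:
    """True when different inputs yield different replies, i.e. the form leaks."""
    return len(set(probe(handler, candidates).values())) > 1


if __name__ == "__main__":
    guesses = ["shared@example.invalid", "nobody@example.invalid"]
    print(probe(forgot_username_vulnerable, guesses))
    box = Outbox()
    print(probe(lambda e: forgot_username_hardened(e, box), guesses))
    print("mail actually sent:", box.sent)
```

A uniform message is necessary but not sufficient: the hardened handler still leaks if the status code, response length, or timing differs between the registered and unregistered paths, so the real fix should keep those equal and pair the form with rate limiting, since enumeration is only practical at volume.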


Remediation

Install the security update from the vendor's website.

External links