{"id":7608,"date":"2025-07-04T15:59:25","date_gmt":"2025-07-04T15:59:25","guid":{"rendered":"http:\/\/localhost\/?p=7608"},"modified":"2025-07-04T15:59:25","modified_gmt":"2025-07-04T15:59:25","slug":"license-information-is-public-exposing-instance-id-and-license-holder-details","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=7608","title":{"rendered":"License information is public, exposing instance id and license holder details"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nLicense information is public, exposing instance id and license holder details<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2024-02-21T16:52:25.022Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-04-22T16:23:41.846Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nxwikisas<\/td>\n<\/tr>\n
Product<\/th>\napplication-licensing<\/td>\n<\/tr>\n
Version<\/th>\n>= 1.0, < 1.24.2<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n5.3 (MEDIUM)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:3.1\/AV:N\/AC:L\/PR:N\/UI:N\/S:U\/C:L\/I:N\/A:N<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nThe XWiki licensor application exposes sensitive license information, including instance IDs and user details, which could be used for phishing attacks. This information was mistakenly made public and has been fixed in version 1.24.2.<\/td>\n<\/tr>\n
AI Severity<\/th>\nMedium<\/td>\n<\/tr>\n
AI Vendor<\/th>\nXWiki SAS<\/td>\n<\/tr>\n
AI Product<\/th>\nApplication Licensing<\/td>\n<\/tr>\n
AI Version<\/th>\n1.0, 1.24.2<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n