GMS-2022-6935: Plaintext storage of password after a reset in xwiki-platform-security-authentication-default

November 21, 2022

We discovered that when the reset a forgotten password feature of XWiki was used, the password was then stored in plain text in database. This only concerns XWiki 13.1RC1 and next versions.

References

github.com/advisories/GHSA-q2hm-2h45-v5g3
github.com/xwiki/xwiki-platform/security/advisories/GHSA-q2hm-2h45-v5g3

Code Behaviors & Features

Detect and mitigate GMS-2022-6935 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →