
CVE-2022-41935: CWE-200: Exposure of Sensitive Information to an Unauthorized Actor in xwiki xwiki-platform

Medium
Published: Wed Nov 23 2022 (11/23/2022, 00:00:00 UTC)
Source: CVE
Vendor/Project: xwiki
Product: xwiki-platform

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users without the right to view documents can deduce their existence by repeated Livetable queries, because the response is not properly cleaned up of obfuscated entries. The issue has been patched in XWiki 14.6RC1, 13.10.8, and 14.4.3. As a workaround, the patch for the document `XWiki.LiveTableResultsMacros` can be manually applied, or a XAR archive of a patched version can be imported, on versions 12.10.11, 13.9-rc-1, and 13.4.4. There are no known workarounds for this issue.

AI-Powered Analysis

Last updated: 06/21/2025, 20:39:22 UTC

Technical Analysis

CVE-2022-41935 is a vulnerability in the XWiki Platform, a widely used generic wiki platform that provides runtime services for applications built on top of it. It is classified under CWE-200, exposure of sensitive information to an unauthorized actor. The issue arises because users who lack permission to view certain documents can still infer that those documents exist by performing repeated Livetable queries. Livetable is the XWiki feature that queries wiki content dynamically and displays the results as a table. Because the query response is not properly cleaned up, obfuscated entries for documents the requesting user may not view remain in it, which lets such users deduce the existence of those documents and potentially other metadata.

The vulnerability affects versions from 12.10.11 up to but not including 13.10.8, and from 14.0.0 up to but not including 14.4.3. The vendor has addressed it in versions 14.6RC1, 13.10.8, and 14.4.3. For versions 12.10.11, 13.9-rc-1, and 13.4.4, a manual patch can be applied by updating the document `XWiki.LiveTableResultsMacros` or by importing a patched XAR archive. No other workarounds are known.

There are no reports of active exploitation in the wild, but by its nature the flaw could be used to gather intelligence about internal documents and system structure, which could facilitate further attacks such as social engineering or privilege escalation. Exploitation does not require authentication, since unauthorized users can perform Livetable queries, but it does require access to the platform interface from which such queries can be issued.
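The following is an added illustrative model of the clean-up problem described above; it is not XWiki's own code. The field names `totalrows`, `returnedrows`, `rows` and `doc_viewable` follow the shape of LiveTable JSON responses, while the documents, the `can_view` rights stub and the query filter are constructed for the example. It contrasts a response that still carries obfuscated placeholder rows with one that drops non-viewable documents before counting, plus a check an administrator can run against a patched instance.

```python
# Added model of the LiveTable response clean-up (not XWiki's code).
# Field names mirror LiveTable JSON; documents and the rights stub are constructed.
from typing import Dict, List

# Constructed sample: documents matched by a query, before rights filtering.
DOCS = [
    {"doc_fullName": "Sandbox.WebHome", "doc_title": "Sandbox"},
    {"doc_fullName": "HR.Salaries2022", "doc_title": "Salaries 2022"},
    {"doc_fullName": "Main.WebHome", "doc_title": "Main"},
]
GUEST_VIEWABLE = {"Sandbox.WebHome", "Main.WebHome"}

def can_view(user: str, full_name: str) -> bool:
    """Stub standing in for XWiki's authorization check (assumption)."""
    return user == "admin" or full_name in GUEST_VIEWABLE

def query(docs: List[Dict], title_filter: str) -> List[Dict]:
    """The database-side title filter runs before rights are applied, as in a real query."""
    return [d for d in docs if title_filter.lower() in d["doc_title"].lower()]

def livetable_unsafe(user: str, title_filter: str = "") -> Dict:
    """Pre-fix shape: a document the user may not view is obfuscated but is still
    emitted as a placeholder row and still counted, so a matching filter reveals it."""
    rows = []
    for d in query(DOCS, title_filter):
        if can_view(user, d["doc_fullName"]):
            rows.append(dict(d, doc_viewable=True))
        else:
            rows.append({"doc_fullName": "", "doc_title": "", "doc_viewable": False})
    return {"totalrows": len(rows), "returnedrows": len(rows), "rows": rows}

def livetable_fixed(user: str, title_filter: str = "") -> Dict:
    """Fixed shape: non-viewable documents are dropped before rows are counted,
    so the response is the same whether or not a hidden document matches."""
    rows = [dict(d, doc_viewable=True) for d in query(DOCS, title_filter)
            if can_view(user, d["doc_fullName"])]
    return {"totalrows": len(rows), "returnedrows": len(rows), "rows": rows}

def response_is_clean(resp: Dict) -> bool:
    """Regression check for a patched instance: no placeholder rows, and no count
    higher than the number of rows the caller is actually allowed to see."""
    visible = [r for r in resp["rows"] if r.get("doc_viewable") is True]
    return len(visible) == len(resp["rows"]) == resp["totalrows"] == resp["returnedrows"]
```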

Potential Impact

For European organizations using affected versions of XWiki Platform, this vulnerability poses a risk of unauthorized information disclosure. Sensitive internal documents or metadata could be inferred by attackers or unauthorized users, potentially exposing confidential business information, project details, or personal data. This exposure undermines confidentiality and could lead to reputational damage, regulatory non-compliance (especially under GDPR if personal data is involved), and increased risk of targeted attacks. While the vulnerability does not directly allow modification or deletion of data, the leakage of document existence and related metadata can be a stepping stone for attackers to craft more precise attacks, including phishing or social engineering campaigns. Organizations in sectors with high confidentiality requirements, such as government, finance, healthcare, and critical infrastructure, are particularly at risk. The impact on availability and integrity is low, but the breach of confidentiality alone is significant given the potential sensitivity of the leaked information.

Mitigation Recommendations

European organizations should prioritize upgrading affected XWiki Platform instances to the patched versions: 13.10.8, 14.4.3, or later stable releases such as 14.6RC1. If immediate upgrade is not feasible, the manual patch involving the `XWiki.LiveTableResultsMacros` document should be applied promptly to versions 12.10.11, 13.9-rc-1, or 13.4.4. Administrators should audit their XWiki deployments to identify affected versions and verify whether the patch has been applied. Additionally, organizations should restrict access to the Livetable query interface to trusted users only, potentially by implementing network-level access controls or application-level restrictions. Monitoring and logging of Livetable query usage should be enhanced to detect unusual or repeated queries that may indicate exploitation attempts. Regular security assessments and penetration testing should include checks for this vulnerability. Finally, organizations should review and tighten overall access control policies within XWiki to minimize the risk of unauthorized information disclosure.
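One way to act on the monitoring recommendation above, as an added example that is not part of the advisory or of XWiki: scan a reverse-proxy access log for clients that send many LiveTable result requests with distinct filter values in a short window. The log lines are constructed, and the request path `/bin/get/XWiki/LiveTableResults` is an assumption to verify against your own deployment.

```python
import re
from collections import defaultdict
from datetime import datetime
from urllib.parse import urlsplit, parse_qs
# Assumption: LiveTable data is fetched from this path; verify against your deployment.
LIVETABLE_PATH = "/bin/get/XWiki/LiveTableResults"
# Apache/nginx combined log: client, timestamp, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:GET|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def sample_line(ip, sec, title):
    """Build one constructed log line (not real traffic) for the demo below."""
    return (f'{ip} - - [23/Nov/2022:10:00:{sec:02d} +0000] "GET {LIVETABLE_PATH}'
            f'?classname=&doc.title={title}&outputSyntax=plain HTTP/1.1" 200 310')

SAMPLE_LOG = "\n".join(
    [sample_line("203.0.113.7", s, t) for s, t in enumerate("abcdefgh")]   # 8 probes in 8 s
    + [sample_line("198.51.100.4", 20, "budget"), sample_line("198.51.100.4", 50, "budget")]
    + ['192.0.2.9 - - [23/Nov/2022:10:00:30 +0000] "GET /bin/view/Main/ HTTP/1.1" 200 8801']
)

def parse_livetable_request(line):
    """Return (ip, time, filter-set) for a LiveTable request, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ip, ts, url, _status = m.groups()
    parts = urlsplit(url)
    if parts.path != LIVETABLE_PATH:
        return None
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    # Only the doc.* parameters carry the user-supplied filter values.
    filters = {k: v[0] for k, v in parse_qs(parts.query).items() if k.startswith("doc.")}
    return ip, when, tuple(sorted(filters.items()))

def find_repeated_livetable_queries(log_text, window_s=60, min_distinct=5):
    """Map client IP -> largest number of distinct LiveTable filter sets it sent
    within any window_s-second window, for clients reaching min_distinct."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_livetable_request(line)
        if rec:
            events[rec[0]].append((rec[1], rec[2]))
    flagged = {}
    for ip, evs in events.items():
        evs.sort()
        for i, (start, _f) in enumerate(evs):
            in_window = {f for t, f in evs[i:] if (t - start).total_seconds() <= window_s}
            if len(in_window) >= min_distinct:
                flagged[ip] = max(flagged.get(ip, 0), len(in_window))
    return flagged
```

Tune `window_s` and `min_distinct` to the normal LiveTable usage of your wiki; a user paging through a single table repeats the same filter set and is not flagged.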


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2022-09-30T00:00:00.000Z
CISA Enriched: true

Threat ID: 682d9849c4522896dcbf6d92

Added to database: 5/21/2025, 9:09:29 AM

Last enriched: 6/21/2025, 8:39:22 PM

Last updated: 7/31/2025, 4:51:57 AM
