The Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for objcontent:email* using XWiki’s regular search interface.
View the template here CVE-2023-50720.yaml
References:
https://jira.xwiki.org/browse/XWIKI-20371