All the vulnerabilities related to xwiki - xwiki-platform
cve-2020-15171
Vulnerability from cvelistv5
Published: 2020-09-10 19:40
Modified: 2024-08-04 13:08
Severity: 6.6 MEDIUM (CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:H)
Weakness: CWE-94 Improper Control of Generation of Code ('Code Injection')
Summary
In XWiki before versions 11.10.5 or 12.2.1, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context, which contains tools that allow instantiating arbitrary Java objects and invoking methods, which may lead to arbitrary code execution. The only workaround is to give SCRIPT right only to trusted users.
References
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7qw5-pqhc-xm4g | x_refsource_CONFIRM |
Impacted products
| Vendor | Product | Affected versions |
|---|---|---|
| xwiki | xwiki-platform | <11.10.5; >=12.0.0, <12.2.1 |
cve-2023-48241
Vulnerability from cvelistv5
Published: 2023-11-20 17:58
Modified: 2024-08-02 21:23
Severity: 7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Weakness: CWE-285 Improper Authorization
Summary
XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 14.10.15, 15.5.1, and 15.6RC1, the Solr-based search suggestion provider, which also doubles as a generic JavaScript API for search results in XWiki, exposes the content of all documents of all wikis to anybody who has access to it; by default it is public. This exposes all information stored in the wiki (but not some protected information like password hashes). While there is normally a right check, it can be circumvented by explicitly requesting fields from Solr that don't include the data needed for the right check. This has been fixed in XWiki 15.6RC1, 15.5.1 and 14.10.15 by not listing documents whose rights cannot be checked. No known workarounds are available.
References
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7fqr-97j7-jgf4 | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/93b8ec702d7075f0f5794bb05dfb651382596764 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-21138 | x_refsource_MISC |
Impacted products
| Vendor | Product | Affected versions |
|---|---|---|
| xwiki | xwiki-platform | >= 6.3-milestone-2, < 14.10.15; >= 15.0-rc-1, < 15.5.1 |
cve-2023-29214
Vulnerability from cvelistv5
Published: 2023-04-16 06:45
Modified: 2024-08-02 14:00
Severity: 10.0 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
Weakness: CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Summary
XWiki Commons are technical libraries common to several other top-level XWiki projects. Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki, leading to full access to the XWiki installation. The root cause is improper escaping of the included pages in the IncludedDocuments panel. The problem has been patched in XWiki 14.4.7 and 14.10.
References
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qx9h-c5v6-ghqh | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/50b4d91418b4150933f0317eb4a94ceaf5b69f67 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-20306 | x_refsource_MISC |
Impacted products
| Vendor | Product | Affected versions |
|---|---|---|
| xwiki | xwiki-platform | >= 1.1-M2, < 13.10.11; >= 14.0-rc-1, < 14.4.7; >= 14.5, < 14.10 |
cve-2023-26472
Vulnerability from cvelistv5
Published: 2023-03-02 18:25
Modified: 2024-08-02 11:53
Severity: 10.0 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
Weakness: CWE-116 Improper Encoding or Escaping of Output
Summary
XWiki Platform is a generic wiki platform. Starting in version 6.2-milestone-1, one can execute any wiki content with the rights of the IconThemeSheet author by creating an icon theme with certain content. This can be done by creating a new page or even through the user profile, for users not having edit right. The issue has been patched in XWiki 14.9, 14.4.6, and 13.10.10. An available workaround is to fix the bug in the page `IconThemesCode.IconThemeSheet` by applying the modification from commit 48caf7491595238af2b531026a614221d5d61f38.
References

| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vwr6-qp4q-2wj7 | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/48caf7491595238af2b531026a614221d5d61f38#diff-2ec9d716673ee049937219cdb0a92e520f81da14ea84d144504b97ab2bdae243R45 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-19731 | x_refsource_MISC |

Impacted products

| Vendor | Product | Affected versions |
|---|---|---|
| xwiki | xwiki-platform | >= 6.2-milestone-1, < 13.10.10; >= 14.0, < 14.4.6; >= 14.5, < 14.9 |
cve-2023-46243
Vulnerability from cvelistv5
Published: 2023-11-07 19:10
Modified: 2024-09-12 19:12
Severity: 10.0 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
Weakness: CWE-94 Improper Control of Generation of Code ('Code Injection')
CISA SSVC: Exploitation: poc; Automatable: no; Technical Impact: total
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for a user to execute any content with the rights of an existing document's content author, provided the user has edit right on it. A crafted URL of the form ` /xwiki/bin/edit//?content=%7B%7Bgroovy%7D%7Dprintln%28%22Hello+from+Groovy%21%22%29%7B%7B%2Fgroovy%7D%7D&xpage=view` can be used to execute arbitrary Groovy code on the server. This vulnerability has been patched in XWiki versions 14.10.6 and 15.2RC1. Users are advised to update. There are no known workarounds for this issue.
References
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g2qq-c5j9-5w5w | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/a0e6ca083b36be6f183b9af33ae735c1e02010f4 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-20385 | x_refsource_MISC |
Impacted products
| Vendor | Product | Affected versions |
|---|---|---|
| xwiki | xwiki-platform | >= 1.0, < 14.10.6 |
cve-2023-36468
Vulnerability from cvelistv5
Published: 2023-06-29 20:44
Modified: 2024-11-26 19:13
Severity: 10.0 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
Weakness: CWE-459 Incomplete Cleanup
CISA SSVC: Exploitation: poc; Automatable: no; Technical Impact: total
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an XWiki installation is upgraded and that upgrade contains a fix for a bug in a document, only a new version of that document is added. In some cases, it's still possible to exploit the vulnerability that was fixed in the new version. The severity of this depends on the fixed vulnerability; for the purpose of this advisory, take CVE-2022-36100/GHSA-2g5c-228j-p52x as an example: it is easily exploitable with just view rights and is critical. When XWiki is upgraded from a version before the fix for it (e.g., 14.3) to a version including the fix (e.g., 14.4), the vulnerability can still be reproduced by adding `rev=1.1` to the URL used in the reproduction steps, so remote code execution is possible even after upgrading. Therefore, this affects the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability also affects manually added script macros that contained security vulnerabilities that were later fixed by changing the script macro without deleting the vulnerable versions from the history. This vulnerability doesn't affect freshly installed versions of XWiki. Further, it doesn't affect content that is only loaded from the current version of a document, like the code of wiki macros or UI extensions. This vulnerability has been patched in XWiki 14.10.7 and 15.2RC1 by forcing old revisions to be executed in a restricted mode that disables all script macros. As a workaround, admins can manually delete old revisions of affected documents. A script could be used to identify all installed documents and delete the history for them. However, manually added and later corrected code may also be affected by this vulnerability, so it is easy to miss documents.
References
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8q9q-r9v2-644m | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2g5c-228j-p52x | x_refsource_MISC |
| https://github.com/xwiki/xwiki-platform/commit/15a6f845d8206b0ae97f37aa092ca43d4f9d6e59 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-20594 | x_refsource_MISC |
Impacted products
| Vendor | Product | Affected versions |
|---|---|---|
| xwiki | xwiki-platform | >= 2.0, < 14.10.7; >= 15.0-rc-1, < 15.2-rc-1 |
cve-2022-41928
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2024-08-03 12:56
Summary
XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. This has been patched in versions 13.10.7, 14.4.2, and 14.5. The issue can be fixed on a running wiki by updating `XWiki.AttachmentSelector` with the versions below:
- 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23
- 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23
- 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23
References
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 5.0-milestone-1, < 13.10.7; >= 14.0.0, < 14.4.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.588Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9hqh-fmhg-vq2j" }, { "tags": [ "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19800" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 5.0-milestone-1, \u003c 13.10.7" }, { "status": "affected", "version": "\u003e= 14.0.0, \u003c 14.4.2" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027) in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. This has been patched in versions 13.10.7, 14.4.2, and 14.5. 
The issue can be fixed on a running wiki by updating `XWiki.AttachmentSelector` with the versions below: - 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-23T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9hqh-fmhg-vq2j" }, { "url": "https://jira.xwiki.org/browse/XWIKI-19800" } ], "source": { "advisory": "GHSA-9hqh-fmhg-vq2j", "discovery": "UNKNOWN" }, "title": "XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027) in AttachmentSelector.xml" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-41928", "datePublished": "2022-11-23T00:00:00", "dateReserved": "2022-09-30T00:00:00", "dateUpdated": 
"2024-08-03T12:56:38.588Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29205
Vulnerability from cvelistv5
Published
2023-04-15 15:27
Modified
2024-08-02 14:00
Summary
XWiki Commons are technical libraries common to several other top level XWiki projects. The HTML macro does not systematically perform a proper neutralization of script-related HTML tags. As a result, any user able to use the HTML macro in XWiki is able to introduce an XSS attack. This can be particularly dangerous since, in a standard wiki, any user is able to use the HTML macro directly in their own user profile page. The problem has been patched in XWiki 14.8RC1. With the patch, the content of the HTML macro is systematically cleaned up whenever the user does not have script right.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vxf7-mx22-jr24 | x_refsource_CONFIRM
https://jira.xwiki.org/browse/XWIKI-18568 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | < 14.8-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:15.864Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vxf7-mx22-jr24", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vxf7-mx22-jr24" }, { "name": "https://jira.xwiki.org/browse/XWIKI-18568", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-18568" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 14.8-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Commons are technical libraries common to several other top level XWiki projects. The HTML macro does not systematically perform a proper neutralization of script-related html tags. As a result, any user able to use the html macro in XWiki, is able to introduce an XSS attack. This can be particularly dangerous since in a standard wiki, any user is able to use the html macro directly in their own user profile page. The problem has been patched in XWiki 14.8RC1. The patch involves the HTML macros and are systematically cleaned up whenever the user does not have the script correct. 
\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-15T15:27:05.815Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vxf7-mx22-jr24", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vxf7-mx22-jr24" }, { "name": "https://jira.xwiki.org/browse/XWIKI-18568", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-18568" } ], "source": { "advisory": "GHSA-vxf7-mx22-jr24", "discovery": "UNKNOWN" }, "title": "org.xwiki.platform:xwiki-platform-rendering-xwiki vulnerable to stored cross-site scripting via HTML and raw macro" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29205", "datePublished": "2023-04-15T15:27:05.815Z", "dateReserved": "2023-04-03T13:37:18.454Z", "dateUpdated": "2024-08-02T14:00:15.864Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36098
Vulnerability from cvelistv5
Published
2022-09-08 20:50
Modified
2024-08-03 09:52
Summary
XWiki Platform Mentions UI is a user interface for mentioning users in wiki content for XWiki Platform, a generic wiki platform. Starting in version 12.5-rc-1 and prior to versions 13.10.6 and 14.4, it's possible to store JavaScript or Groovy scripts in a mention, macro anchor, or reference field. The stored code is executed by anyone visiting the page with the mention. This issue has been patched in XWiki 14.4 and 13.10.6. As a workaround, one may update `XWiki.Mentions.MentionsMacro` and edit the `Macro code` field of the `XWiki.WikiMacroClass` XObject.
References
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 12.5-rc-1, < 13.10.6; >= 14.0, < 14.4
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:52:00.552Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c5v8-2q4r-5w9v" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/4032dc896857597efd169966dc9e2752a9fdd459#diff-4fe22885f772e47d3561a05348f73921669ec12d4413b220383b73c7ae484bc4R608-R610" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/4f290d87a8355e967378a1ed6aee23a06ba162eb" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19752" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 12.5-rc-1, \u003c 13.10.6" }, { "status": "affected", "version": "\u003e= 14.0, \u003c 14.4" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform Mentions UI is a user interface for mentioning users in wiki content for XWiki Platform, a generic wiki platform. Starting in version 12.5-rc-1 and prior to versions 13.10.6 and 14.4, it\u0027s possible to store Javascript or groovy scripts in a mention, macro anchor, or reference field. The stored code is executed by anyone visiting the page with the mention. This issue has been patched on XWiki 14.4 and 13.10.6. As a workaround, one may update `XWiki.Mentions.MentionsMacro` and edit the `Macro code` field of the `XWiki.WikiMacroClass` XObject." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-08T20:50:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c5v8-2q4r-5w9v" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/4032dc896857597efd169966dc9e2752a9fdd459#diff-4fe22885f772e47d3561a05348f73921669ec12d4413b220383b73c7ae484bc4R608-R610" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/4f290d87a8355e967378a1ed6aee23a06ba162eb" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19752" } ], "source": { "advisory": "GHSA-c5v8-2q4r-5w9v", "discovery": "UNKNOWN" }, "title": "XWiki Platform Mentions UI vulnerable to Cross-site Scripting", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-36098", "STATE": "PUBLIC", "TITLE": "XWiki Platform Mentions UI vulnerable to Cross-site Scripting" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e= 12.5-rc-1, \u003c 13.10.6" }, { "version_value": "\u003e= 14.0, \u003c 14.4" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", 
"data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform Mentions UI is a user interface for mentioning users in wiki content for XWiki Platform, a generic wiki platform. Starting in version 12.5-rc-1 and prior to versions 13.10.6 and 14.4, it\u0027s possible to store Javascript or groovy scripts in a mention, macro anchor, or reference field. The stored code is executed by anyone visiting the page with the mention. This issue has been patched on XWiki 14.4 and 13.10.6. As a workaround, one may update `XWiki.Mentions.MentionsMacro` and edit the `Macro code` field of the `XWiki.WikiMacroClass` XObject." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c5v8-2q4r-5w9v", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c5v8-2q4r-5w9v" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/4032dc896857597efd169966dc9e2752a9fdd459#diff-4fe22885f772e47d3561a05348f73921669ec12d4413b220383b73c7ae484bc4R608-R610", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/4032dc896857597efd169966dc9e2752a9fdd459#diff-4fe22885f772e47d3561a05348f73921669ec12d4413b220383b73c7ae484bc4R608-R610" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/4f290d87a8355e967378a1ed6aee23a06ba162eb", "refsource": 
"MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/4f290d87a8355e967378a1ed6aee23a06ba162eb" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19752", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-19752" } ] }, "source": { "advisory": "GHSA-c5v8-2q4r-5w9v", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-36098", "datePublished": "2022-09-08T20:50:11", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2024-08-03T09:52:00.552Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26479
Vulnerability from cvelistv5
Published
2023-03-02 17:20
Modified
2024-08-02 11:53
Summary
XWiki Platform is a generic wiki platform. Starting in version 6.0, users with write rights can insert well-formed content that is not handled well by the parser. As a consequence, some pages become unusable, including the user index (if the page containing the faulty content is a user page) and the page index.
Note that on the affected page, the normal UI is completely missing and it is not possible to open the editor directly to revert the change, as the stack overflow is already triggered while getting the title of the document. This means that it is quite difficult to remove this content once inserted.
This has been patched in XWiki 13.10.10, 14.4.6, and 14.9-rc-1. A temporary workaround to avoid stack overflow errors is to increase the memory allocated to the stack by using the `-Xss` JVM parameter (e.g., `-Xss32m`). This should allow the parser to succeed so that the faulty content can be fixed. The consequences for other aspects of the system (e.g., performance) are unknown, and this workaround should only be used as a temporary solution. The workaround does not prevent the issue from occurring again with other content. Consequently, it is strongly advised to upgrade to a version where the issue has been patched.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-52vf-hvv3-98h7 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/e5b82cd98072464196a468b8f7fe6396dce142a7 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-19838 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 6.0, < 13.10.10; >= 14.0, < 14.4.6; >= 14.5, < 14.9-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:53:52.887Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-52vf-hvv3-98h7", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-52vf-hvv3-98h7" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/e5b82cd98072464196a468b8f7fe6396dce142a7", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/e5b82cd98072464196a468b8f7fe6396dce142a7" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19838", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19838" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 6.0, \u003c 13.10.10" }, { "status": "affected", "version": "\u003e= 14.0, \u003c 14.4.6" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.9-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 6.0, users with write rights can insert well-formed content that is not handled well by the parser. As a consequence, some pages becomes unusable, including the user index (if the page containing the faulty content is a user page) and the page index.\n\nNote that on the page, the normal UI is completely missing and it is not possible to open the editor directly to revert the change as the stack overflow is already triggered while getting the title of the document. This means that it is quite difficult to remove this content once inserted.\n\nThis has been patched in XWiki 13.10.10, 14.4.6, and 14.9-rc-1. 
A temporary workaround to avoid Stack Overflow errors is to increase the memory allocated to the stack by using the `-Xss` JVM parameter (e.g., `-Xss32m`). This should allow the parser to pass and to fix the faulty content. The consequences for other aspects of the system (e.g., performance) are unknown, and this workaround should be only be used as a temporary solution. The workaround does not prevent the issue occurring again with other content. Consequently, it is strongly advised to upgrade to a version where the issue has been patched." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-755", "description": "CWE-755: Improper Handling of Exceptional Conditions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-02T17:20:18.643Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-52vf-hvv3-98h7", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-52vf-hvv3-98h7" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/e5b82cd98072464196a468b8f7fe6396dce142a7", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/e5b82cd98072464196a468b8f7fe6396dce142a7" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19838", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19838" } ], "source": { "advisory": "GHSA-52vf-hvv3-98h7", "discovery": "UNKNOWN" }, "title": "org.xwiki.platform:xwiki-platform-rendering-parser 
vulnerable to Improper Handling of Exceptional Conditions" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-26479", "datePublished": "2023-03-02T17:20:18.643Z", "dateReserved": "2023-02-23T23:22:58.573Z", "dateUpdated": "2024-08-02T11:53:52.887Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29508
Vulnerability from cvelistv5
Published
2023-04-16 07:00
Modified
2024-08-02 14:07
Summary
XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hmm7-6ph9-8jf2 | x_refsource_CONFIRM
https://jira.xwiki.org/browse/XWIKI-20312 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 13.10.10, < 13.10.11; >= 14.4, < 14.4.7; >= 14.9, < 14.10
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:07:46.319Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hmm7-6ph9-8jf2", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hmm7-6ph9-8jf2" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20312", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20312" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 13.10.10, \u003c 13.10.11" }, { "status": "affected", "version": "\u003e= 14.4, \u003c 14.4.7" }, { "status": "affected", "version": "\u003e= 14.9, \u003c 14.10" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Commons are technical libraries common to several other top level XWiki projects. A user without script rights can introduce a stored XSS by using the Live Data macro, if the last author of the content of the page has script rights. 
This has been patched in XWiki 14.10, 14.4.7, and 13.10.11.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-16T07:00:43.391Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hmm7-6ph9-8jf2", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hmm7-6ph9-8jf2" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20312", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20312" } ], "source": { "advisory": "GHSA-hmm7-6ph9-8jf2", "discovery": "UNKNOWN" }, "title": "org.xwiki.platform:xwiki-platform-livedata-macro vulnerable to Cross-site Scripting" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29508", "datePublished": "2023-04-16T07:00:43.391Z", "dateReserved": "2023-04-07T18:56:54.626Z", "dateUpdated": "2024-08-02T14:07:46.319Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-55877
Vulnerability from cvelistv5
Published
2024-12-12 19:13
Modified
2024-12-13 14:54
Summary
XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any user with an account can perform arbitrary remote code execution by adding instances of `XWiki.WikiMacroClass` to any page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been fixed in XWiki 15.10.11, 16.4.1 and 16.5.0. It is possible to manually apply the patch to the page `XWiki.XWikiSyntaxMacrosList` as a workaround.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2r87-74cx-2p7c | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/40e1afe001d61eafdf13f3621b4b597a0e58a3e3 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-22030 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 9.7-rc-1, < 15.10.11; >= 16.0.0-rc-1, < 16.4.1; >= 16.5.0-rc-1, < 16.5.0
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-55877", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-13T14:50:58.693479Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-13T14:54:49.185Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "references": [ { "tags": [ "exploit" ], "url": "https://jira.xwiki.org/browse/XWIKI-22030" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 9.7-rc-1, \u003c 15.10.11" }, { "status": "affected", "version": "\u003e= 16.0.0-rc-1, \u003c 16.4.1" }, { "status": "affected", "version": "\u003e= 16.5.0-rc-1, \u003c 16.5.0" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any user with an account can perform arbitrary remote code execution by adding instances of `XWiki.WikiMacroClass` to any page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been fixed in XWiki 15.10.11, 16.4.1 and 16.5.0. It is possible to manually apply the patch to the page `XWiki.XWikiSyntaxMacrosList` as a workaround." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-96", "description": "CWE-96: Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-12T19:15:53.684Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2r87-74cx-2p7c", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2r87-74cx-2p7c" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/40e1afe001d61eafdf13f3621b4b597a0e58a3e3", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/40e1afe001d61eafdf13f3621b4b597a0e58a3e3" }, { "name": "https://jira.xwiki.org/browse/XWIKI-22030", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-22030" } ], "source": { "advisory": "GHSA-2r87-74cx-2p7c", "discovery": "UNKNOWN" }, "title": "XWiki allows remote code execution from account through macro descriptions and XWiki.XWikiSyntaxMacrosList" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-55877", "datePublished": "2024-12-12T19:13:43.128Z", "dateReserved": "2024-12-11T15:46:36.421Z", "dateUpdated": "2024-12-13T14:54:49.185Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23621
Vulnerability from cvelistv5
Published
2022-02-09 21:25
Modified
2024-08-03 03:51
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can read any file located in the XWiki WAR (for example xwiki.cfg and xwiki.properties) through XWiki#invokeServletAndReturnAsString as `$xwiki.invokeServletAndReturnAsString("/WEB-INF/xwiki.cfg")`. This issue has been patched in XWiki versions 12.10.9, 13.4.3 and 13.7-rc-1. Users are advised to update. The only workaround is to limit SCRIPT right.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2jhm-qp48-hv5j | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/df8bd49b5a4d87a427002c6535fb5b1746ff117a | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-18870 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 13.6.0, < 13.7-rc-1; >= 13.0.0, < 13.4.3; < 12.10.9
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:51:44.128Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2jhm-qp48-hv5j" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/df8bd49b5a4d87a427002c6535fb5b1746ff117a" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-18870" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 13.6.0, \u003c 13.7-rc-1" }, { "status": "affected", "version": "\u003e= 13.0.0, \u003c 13.4.3" }, { "status": "affected", "version": "\u003c 12.10.9" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can read any file located in the XWiki WAR (for example xwiki.cfg and xwiki.properties) through XWiki#invokeServletAndReturnAsString as `$xwiki.invokeServletAndReturnAsString(\"/WEB-INF/xwiki.cfg\")`. This issue has been patched in XWiki versions 12.10.9, 13.4.3 and 13.7-rc-1. Users are advised to update. The only workaround is to limit SCRIPT right." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-09T21:25:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2jhm-qp48-hv5j" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/df8bd49b5a4d87a427002c6535fb5b1746ff117a" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-18870" } ], "source": { "advisory": "GHSA-2jhm-qp48-hv5j", "discovery": "UNKNOWN" }, "title": "Missing authorization in xwiki-platform", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-23621", "STATE": "PUBLIC", "TITLE": "Missing authorization in xwiki-platform" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e= 13.6.0, \u003c 13.7-rc-1" }, { "version_value": "\u003e= 13.0.0, \u003c 13.4.3" }, { "version_value": "\u003c 12.10.9" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. 
In affected versions any user with SCRIPT right can read any file located in the XWiki WAR (for example xwiki.cfg and xwiki.properties) through XWiki#invokeServletAndReturnAsString as `$xwiki.invokeServletAndReturnAsString(\"/WEB-INF/xwiki.cfg\")`. This issue has been patched in XWiki versions 12.10.9, 13.4.3 and 13.7-rc-1. Users are advised to update. The only workaround is to limit SCRIPT right." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:L/I:L/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-862: Missing Authorization" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2jhm-qp48-hv5j", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2jhm-qp48-hv5j" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/df8bd49b5a4d87a427002c6535fb5b1746ff117a", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/df8bd49b5a4d87a427002c6535fb5b1746ff117a" }, { "name": "https://jira.xwiki.org/browse/XWIKI-18870", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-18870" } ] }, "source": { "advisory": "GHSA-2jhm-qp48-hv5j", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-23621", "datePublished": "2022-02-09T21:25:11", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:51:44.128Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35151
Vulnerability from cvelistv5
Published
2023-06-23 16:33
Modified
2024-11-27 20:47
Summary
XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, and 15.1. There is no known workaround.
References

| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8g9c-c9cm-9c56 | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/824cd742ecf5439971247da11bfe7e0ad2b10ede | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-16138 | x_refsource_MISC |

Impacted products

| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | >= 7.3-milestone-1, < 14.4.8; >= 14.5, < 14.10.6; >= 15.0-rc-1, < 15.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:23:59.701Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8g9c-c9cm-9c56", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8g9c-c9cm-9c56" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/824cd742ecf5439971247da11bfe7e0ad2b10ede", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/824cd742ecf5439971247da11bfe7e0ad2b10ede" }, { "name": "https://jira.xwiki.org/browse/XWIKI-16138", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-16138" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35151", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-27T20:47:20.730116Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-27T20:47:29.305Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 7.3-milestone-1, \u003c 14.4.8" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.10.6" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 7.3-milestone-1 and prior to versions 14.4.8, 14.10.6, and 15.1, ny user can call a REST endpoint and obtain the obfuscated passwords, even when the mail obfuscation is activated. The issue has been patched in XWiki 14.4.8, 14.10.6, and 15.1. 
There is no known workaround." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-359", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-23T16:33:01.388Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8g9c-c9cm-9c56", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8g9c-c9cm-9c56" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/824cd742ecf5439971247da11bfe7e0ad2b10ede", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/824cd742ecf5439971247da11bfe7e0ad2b10ede" }, { "name": "https://jira.xwiki.org/browse/XWIKI-16138", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-16138" } ], "source": { "advisory": "GHSA-8g9c-c9cm-9c56", "discovery": "UNKNOWN" }, "title": "XWiki Platform may show email addresses in clear in REST results" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-35151", "datePublished": "2023-06-23T16:33:01.388Z", "dateReserved": "2023-06-14T14:17:52.177Z", "dateUpdated": "2024-11-27T20:47:29.305Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26480
Vulnerability from cvelistv5
Published
2023-03-02 17:09
Modified
2024-08-02 11:53
Summary
XWiki Platform is a generic wiki platform. Starting in version 12.10, a user without script rights can introduce a stored cross-site scripting vulnerability by using the Live Data macro. This has been patched in XWiki 14.9, 14.4.7, and 13.10.10. There are no known workarounds.
References

| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-32fq-m2q5-h83g | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/23d5ea9b23e84b5f3d1f1b2d5673fe8c774d0d79 | x_refsource_MISC |
| https://github.com/xwiki/xwiki-platform/commit/556e7823260b826f344c1a6e95d935774587e028 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-20143 | x_refsource_MISC |

Impacted products

| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | >= 12.10, < 13.10.10; >= 14.0, < 14.4.7; >= 14.5, < 14.9 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:53:52.915Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-32fq-m2q5-h83g", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-32fq-m2q5-h83g" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/23d5ea9b23e84b5f3d1f1b2d5673fe8c774d0d79", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/23d5ea9b23e84b5f3d1f1b2d5673fe8c774d0d79" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/556e7823260b826f344c1a6e95d935774587e028", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/556e7823260b826f344c1a6e95d935774587e028" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20143", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20143" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 12.10, \u003c 13.10.10" }, { "status": "affected", "version": "\u003e= 14.0, \u003c 14.4.7" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.9" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 12.10, a user without script rights can introduce a stored cross-site scripting by using the Live Data macro. This has been patched in XWiki 14.9, 14.4.7, and 13.10.10. 
There are no known workarounds.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-02T17:09:18.909Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-32fq-m2q5-h83g", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-32fq-m2q5-h83g" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/23d5ea9b23e84b5f3d1f1b2d5673fe8c774d0d79", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/23d5ea9b23e84b5f3d1f1b2d5673fe8c774d0d79" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/556e7823260b826f344c1a6e95d935774587e028", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/556e7823260b826f344c1a6e95d935774587e028" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20143", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20143" } ], "source": { "advisory": "GHSA-32fq-m2q5-h83g", "discovery": "UNKNOWN" }, "title": "XWiki-Platform vulnerable to stored Cross-site Scripting via the HTML displayer in Live Data" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-26480", "datePublished": "2023-03-02T17:09:18.909Z", 
"dateReserved": "2023-02-23T23:22:58.573Z", "dateUpdated": "2024-08-02T11:53:52.915Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35161
Vulnerability from cvelistv5
Published
2023-06-23 18:51
Modified
2024-11-27 20:02
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It is possible to exploit the DeleteApplication page to perform an XSS, e.g. by using a URL such as `xwiki/bin/view/AppWithinMinutes/DeleteApplication?appName=Menu&resolve=true&xredirect=javascript:alert(document.domain)`. This vulnerability exists since XWiki 6.2-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.
References

| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4xm7-5q79-3fch | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/8f5a889b7cd140770e54f5b4195d88058790e305 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-20583 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-20614 | x_refsource_MISC |

Impacted products

| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | >= 6.2-milestone-1, < 14.10.5; >= 15.0-rc-1, < 15.1-rc-1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:23:59.368Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4xm7-5q79-3fch", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4xm7-5q79-3fch" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/8f5a889b7cd140770e54f5b4195d88058790e305", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/8f5a889b7cd140770e54f5b4195d88058790e305" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20583", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20583" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20614", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20614" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35161", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-27T20:01:53.978334Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-27T20:02:02.038Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 6.2-milestone-1, \u003c 14.10.5" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.1-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). 
It\u0027s possible to exploit the DeleteApplication page to perform a XSS, e.g. by using URL such as: \u003e xwiki/bin/view/AppWithinMinutes/DeleteApplication?appName=Menu\u0026resolve=true\u0026xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 6.2-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.7, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-87", "description": "CWE-87: Improper Neutralization of Alternate XSS Syntax", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-23T18:51:45.575Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4xm7-5q79-3fch", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4xm7-5q79-3fch" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/8f5a889b7cd140770e54f5b4195d88058790e305", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/8f5a889b7cd140770e54f5b4195d88058790e305" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20583", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20583" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20614", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20614" } ], "source": { "advisory": "GHSA-4xm7-5q79-3fch", "discovery": "UNKNOWN" }, "title": "XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in 
DeleteApplication page" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-35161", "datePublished": "2023-06-23T18:51:45.575Z", "dateReserved": "2023-06-14T14:17:52.178Z", "dateUpdated": "2024-11-27T20:02:02.038Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-31982
Vulnerability from cvelistv5
Published
2024-04-10 19:38
Modified
2024-08-20 19:02
Summary
XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki's database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed wiki as the database search is by default accessible for all users. This impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may manually apply the patch to the page `Main.DatabaseSearch`. Alternatively, unless database search is explicitly used by users, this page can be deleted as this is not the default search interface of XWiki.
References

| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2858-8cfx-69m9 | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/3c9e4bb04286de94ad24854026a09fa967538e31 | x_refsource_MISC |
| https://github.com/xwiki/xwiki-platform/commit/459e968be8740c8abc2a168196ce21e5ba93cfb8 | x_refsource_MISC |
| https://github.com/xwiki/xwiki-platform/commit/95bdd6cc6298acdf7f8f21298d40eeb8390a8565 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-21472 | x_refsource_MISC |
| https://www.vicarius.io/vsociety/posts/xwiki-rce-cve-2024-31982 | |

Impacted products

| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | >= 2.4-milestone-1, < 14.10.20; >= 15.0-rc-1, < 15.5.4; >= 15.6-rc-1, < 15.10-rc-1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T01:59:50.834Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2858-8cfx-69m9", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2858-8cfx-69m9" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/3c9e4bb04286de94ad24854026a09fa967538e31", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/3c9e4bb04286de94ad24854026a09fa967538e31" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/459e968be8740c8abc2a168196ce21e5ba93cfb8", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/459e968be8740c8abc2a168196ce21e5ba93cfb8" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/95bdd6cc6298acdf7f8f21298d40eeb8390a8565", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/95bdd6cc6298acdf7f8f21298d40eeb8390a8565" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21472", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-21472" }, { "tags": [ "x_transferred" ], "url": "https://www.vicarius.io/vsociety/posts/xwiki-rce-cve-2024-31982" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:xwiki:xwiki-platform:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "lessThan": "14.10.20", "status": "affected", "version": "2.4-milestone-1", "versionType": "custom" }, { "lessThan": "15.5.4", "status": "affected", "version": "15.0-rc-1", "versionType": "custom" }, { "lessThan": "15.10-rc-1", "status": "affected", "version": "15.6-rc-1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": 
"CVE-2024-31982", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-20T19:00:50.608451Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-20T19:02:45.798Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 2.4-milestone-1, \u003c 14.10.20" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.5.4" }, { "status": "affected", "version": "\u003e= 15.6-rc-1, \u003c 15.10-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 2.4-milestone-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, XWiki\u0027s database search allows remote code execution through the search text. This allows remote code execution for any visitor of a public wiki or user of a closed wiki as the database search is by default accessible for all users. This impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may manually apply the patch to the page `Main.DatabaseSearch`. Alternatively, unless database search is explicitly used by users, this page can be deleted as this is not the default search interface of XWiki." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-10T19:38:01.879Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2858-8cfx-69m9", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2858-8cfx-69m9" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/3c9e4bb04286de94ad24854026a09fa967538e31", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/3c9e4bb04286de94ad24854026a09fa967538e31" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/459e968be8740c8abc2a168196ce21e5ba93cfb8", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/459e968be8740c8abc2a168196ce21e5ba93cfb8" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/95bdd6cc6298acdf7f8f21298d40eeb8390a8565", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/95bdd6cc6298acdf7f8f21298d40eeb8390a8565" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21472", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-21472" }, { "url": "https://www.vicarius.io/vsociety/posts/xwiki-rce-cve-2024-31982" } ], "source": { "advisory": "GHSA-2858-8cfx-69m9", "discovery": "UNKNOWN" }, "title": "XWiki 
Platform: Remote code execution as guest via DatabaseSearch" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-31982", "datePublished": "2024-04-10T19:38:01.879Z", "dateReserved": "2024-04-08T13:48:37.490Z", "dateUpdated": "2024-08-20T19:02:45.798Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29209
Vulnerability from cvelistv5
Published
2023-04-15 16:06
Modified
2024-08-02 14:00
Summary
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the legacy notification activity macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the macro parameters of the legacy notification activity macro. This macro is installed by default in XWiki. The vulnerability can be exploited via every wiki page that is editable including the user's profile, but also with just view rights using the HTMLConverter that is part of the CKEditor integration which is bundled with XWiki. The vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10.
References

| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9pc2-x9qf-7j2q | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/94392490884635c028199275db059a4f471e57bc | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-20258 | x_refsource_MISC |

Impacted products

| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | >= 10.9, < 13.10.11; >= 14.0-rc-1, < 14.4.7; >= 14.5, < 14.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:15.868Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9pc2-x9qf-7j2q", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9pc2-x9qf-7j2q" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/94392490884635c028199275db059a4f471e57bc", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/94392490884635c028199275db059a4f471e57bc" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20258", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20258" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 10.9, \u003c 13.10.11" }, { "status": "affected", "version": "\u003e= 14.0-rc-1, \u003c 14.4.7" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.10" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the legacy notification activity macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the macro parameters of the legacy notification activity macro. This macro is installed by default in XWiki. The vulnerability can be exploited via every wiki page that is editable including the user\u0027s profile, but also with just view rights using the HTMLConverter that is part of the CKEditor integration which is bundled with XWiki. 
The vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-15T16:06:44.752Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9pc2-x9qf-7j2q", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9pc2-x9qf-7j2q" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/94392490884635c028199275db059a4f471e57bc", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/94392490884635c028199275db059a4f471e57bc" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20258", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20258" } ], "source": { "advisory": "GHSA-9pc2-x9qf-7j2q", "discovery": "UNKNOWN" }, "title": "org.xwiki.platform:xwiki-platform-legacy-notification-activitymacro Eval Injection vulnerability" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29209", "datePublished": "2023-04-15T16:06:44.752Z", "dateReserved": "2023-04-03T13:37:18.455Z", "dateUpdated": "2024-08-02T14:00:15.868Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29210
Vulnerability from cvelistv5
Published
2023-04-15 16:20
Modified
2024-08-02 14:00
Summary
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the notification preferences macros can execute arbitrary Groovy, Python or Velocity code in XWiki, leading to full access to the XWiki installation. The root cause is improper escaping of the user parameter of the macro that provides the notification filters. These macros are used in the user profiles and are thus installed by default in XWiki. The vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p9mj-v5mf-m82x | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/cebf9167e4fd64a8777781fc56461e9abbe0b32a | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20259 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 13.2-rc-1, < 13.10.11; >= 14.0-rc-1, < 14.4.7; >= 14.5, < 14.10
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:15.863Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p9mj-v5mf-m82x", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p9mj-v5mf-m82x" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/cebf9167e4fd64a8777781fc56461e9abbe0b32a", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/cebf9167e4fd64a8777781fc56461e9abbe0b32a" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20259", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20259" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 13.2-rc-1, \u003c 13.10.11" }, { "status": "affected", "version": "\u003e= 14.0-rc-1, \u003c 14.4.7" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.10" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents including the notification preferences macros can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the user parameter of the macro that provide the notification filters. These macros are used in the user profiles and thus installed by default in XWiki. The vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-15T16:20:29.342Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p9mj-v5mf-m82x", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p9mj-v5mf-m82x" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/cebf9167e4fd64a8777781fc56461e9abbe0b32a", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/cebf9167e4fd64a8777781fc56461e9abbe0b32a" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20259", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20259" } ], "source": { "advisory": "GHSA-p9mj-v5mf-m82x", "discovery": "UNKNOWN" }, "title": "org.xwiki.platform:xwiki-platform-notifications-ui Eval Injection vulnerability" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29210", "datePublished": "2023-04-15T16:20:29.342Z", "dateReserved": "2023-04-03T13:37:18.455Z", "dateUpdated": "2024-08-02T14:00:15.863Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-29252
Vulnerability from cvelistv5
Published
2022-05-25 20:55
Modified
2024-08-03 06:17
Summary
XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Starting with version 5.3-milestone-2, XWiki Platform Wiki UI Main Wiki contains a possible cross-site scripting vector in the `WikiManager.JoinWiki` wiki page related to the "requestJoin" field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available workaround is to edit the wiki page `WikiManager.JoinWiki` (with the wiki editor) according to the suggestion provided in the GitHub Security Advisory.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-ph5x-h23x-7q5q | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/27f839133d41877e538d35fa88274b50a1c00b9b | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-19292 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 5.3-milestone-2, < 12.10.11; >= 13.0, < 13.4.7; >= 13.5, < 13.10.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:17:54.511Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-ph5x-h23x-7q5q" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/27f839133d41877e538d35fa88274b50a1c00b9b" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19292" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 5.3-milestone-2, \u003c 12.10.11" }, { "status": "affected", "version": "\u003e= 13.0, \u003c 13.4.7" }, { "status": "affected", "version": "\u003e= 13.5, \u003c 13.10.3" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Starting with version 5.3-milestone-2, XWiki Platform Wiki UI Main Wiki contains a possible cross-site scripting vector in the `WikiManager.JoinWiki ` wiki page related to the \"requestJoin\" field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available workaround is to edit the wiki page `WikiManager.JoinWiki` (with wiki editor) according to the suggestion provided in the GitHub Security Advisory." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-116", "description": "CWE-116: Improper Encoding or Escaping of Output", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-25T20:55:16", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-ph5x-h23x-7q5q" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/27f839133d41877e538d35fa88274b50a1c00b9b" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19292" } ], "source": { "advisory": "GHSA-ph5x-h23x-7q5q", "discovery": "UNKNOWN" }, "title": "Cross-site Scripting in XWiki Platform Wiki UI Main Wiki", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-29252", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting in XWiki Platform Wiki UI Main Wiki" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e= 5.3-milestone-2, \u003c 12.10.11" }, { "version_value": "\u003e= 13.0, \u003c 13.4.7" }, { "version_value": "\u003e= 13.5, \u003c 13.10.3" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": 
"4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform Wiki UI Main Wiki is a package for managing subwikis. Starting with version 5.3-milestone-2, XWiki Platform Wiki UI Main Wiki contains a possible cross-site scripting vector in the `WikiManager.JoinWiki ` wiki page related to the \"requestJoin\" field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available workaround is to edit the wiki page `WikiManager.JoinWiki` (with wiki editor) according to the suggestion provided in the GitHub Security Advisory." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" } ] }, { "description": [ { "lang": "eng", "value": "CWE-116: Improper Encoding or Escaping of Output" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-ph5x-h23x-7q5q", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-ph5x-h23x-7q5q" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/27f839133d41877e538d35fa88274b50a1c00b9b", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/27f839133d41877e538d35fa88274b50a1c00b9b" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19292", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-19292" } ] }, "source": { "advisory": "GHSA-ph5x-h23x-7q5q", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": 
"a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-29252", "datePublished": "2022-05-25T20:55:16", "dateReserved": "2022-04-13T00:00:00", "dateUpdated": "2024-08-03T06:17:54.511Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-41046
Vulnerability from cvelistv5
Published
2023-09-01 19:59
Modified
2024-09-30 20:20
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible in XWiki to execute Velocity code without having script right by creating an XClass with a property of type "TextArea" and content type "VelocityCode" or "VelocityWiki". For the former, the syntax of the document needs to be set to `xwiki/1.0` (this syntax doesn't need to be installed). In both cases, when adding the property to an object, the Velocity code is executed regardless of the rights of the author of the property (edit right is still required, though). In both cases, the code is executed with the correct context author, so no privileged APIs can be accessed. However, Velocity still grants access to otherwise inaccessible data and APIs that could allow further privilege escalation. At least for "VelocityCode", this behavior is most likely very old, but script right has only been a separate right since XWiki 7.2; before that version all users were allowed to execute Velocity, so this was expected and not a security issue. This has been patched in XWiki 14.10.10 and 15.4 RC1. Users are advised to upgrade. There are no known workarounds.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m5m2-h6h9-p2c8 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/edc52579eeaab1b4514785c134044671a1ecd839 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20847 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20848 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 7.2, < 14.10.10; >= 15.0-rc-1, < 15.4-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:46:11.731Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m5m2-h6h9-p2c8", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m5m2-h6h9-p2c8" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/edc52579eeaab1b4514785c134044671a1ecd839", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/edc52579eeaab1b4514785c134044671a1ecd839" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20847", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20847" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20848", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20848" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-41046", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-30T20:20:35.350214Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-30T20:20:54.569Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 7.2, \u003c 14.10.10" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.4-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. 
It is possible in XWiki to execute Velocity code without having script right by creating an XClass with a property of type \"TextArea\" and content type \"VelocityCode\" or \"VelocityWiki\". For the former, the syntax of the document needs to be set the `xwiki/1.0` (this syntax doesn\u0027t need to be installed). In both cases, when adding the property to an object, the Velocity code is executed regardless of the rights of the author of the property (edit right is still required, though). In both cases, the code is executed with the correct context author so no privileged APIs can be accessed. However, Velocity still grants access to otherwise inaccessible data and APIs that could allow further privilege escalation. At least for \"VelocityCode\", this behavior is most likely very old but only since XWiki 7.2, script right is a separate right, before that version all users were allowed to execute Velocity and thus this was expected and not a security issue. This has been patched in XWiki 14.10.10 and 15.4 RC1. Users are advised to upgrade. There are no known workarounds." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-09-01T19:59:23.278Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m5m2-h6h9-p2c8", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m5m2-h6h9-p2c8" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/edc52579eeaab1b4514785c134044671a1ecd839", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/edc52579eeaab1b4514785c134044671a1ecd839" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20847", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20847" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20848", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20848" } ], "source": { "advisory": "GHSA-m5m2-h6h9-p2c8", "discovery": "UNKNOWN" }, "title": "Velocity execution without script rights in Xwiki platform" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-41046", "datePublished": "2023-09-01T19:59:23.278Z", "dateReserved": "2023-08-22T16:57:23.933Z", "dateUpdated": "2024-09-30T20:20:54.569Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-55876
Vulnerability from cvelistv5
Published
2024-12-12 18:59
Modified
2024-12-13 14:55
Summary
XWiki Platform is a generic wiki platform. Starting in version 1.2-milestone-2 and prior to versions 15.10.9 and 16.3.0, any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view the document `Scheduler.WebHome` in a subwiki. Then, click on any operation (*e.g.,* Trigger) on any job. If the operation is successful, then the instance is vulnerable. This has been patched in XWiki 15.10.9 and 16.3.0. As a workaround, those who have subwikis where the Job Scheduler is enabled can edit the objects on `Scheduler.WebPreferences` to match the patch.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cwq6-mjmx-47p6 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/54bcc5a7a2e440cc591b91eece9c13dc0c487331 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21663 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 1.2-milestone-2, < 15.10.9; >= 16.0.0-rc-1, < 16.3.0
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-55876", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-13T14:52:05.467259Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-13T14:55:19.672Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "references": [ { "tags": [ "exploit" ], "url": "https://jira.xwiki.org/browse/XWIKI-21663" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 1.2-milestone-2, \u003c 15.10.9" }, { "status": "affected", "version": "\u003e= 16.0.0-rc-1, \u003c 16.3.0" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 1.2-milestone-2 and prior to versions 15.10.9 and 16.3.0, any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view the document `Scheduler.WebHome` in a subwiki. Then, click on any operation (*e.g.,* Trigger) on any job. If the operation is successful, then the instance is vulnerable. This has been patched in XWiki 15.10.9 and 16.3.0. As a workaround, those who have subwikis where the Job Scheduler is enabled can edit the objects on `Scheduler.WebPreferences` to match the patch." 
} ], "metrics": [ { "cvssV3_0": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.0" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-12T18:59:49.733Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cwq6-mjmx-47p6", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cwq6-mjmx-47p6" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/54bcc5a7a2e440cc591b91eece9c13dc0c487331", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/54bcc5a7a2e440cc591b91eece9c13dc0c487331" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21663", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-21663" } ], "source": { "advisory": "GHSA-cwq6-mjmx-47p6", "discovery": "UNKNOWN" }, "title": "XWiki\u0027s scheduler in subwiki allows scheduling operations for any main wiki user" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-55876", "datePublished": "2024-12-12T18:59:49.733Z", "dateReserved": "2024-12-11T15:46:36.421Z", "dateUpdated": "2024-12-13T14:55:19.672Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41931
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2024-08-03 12:56
Summary
xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper neutralization of the macro parameters of the icon picker macro. The problem has been patched in XWiki 13.10.7, 14.5 and 14.4.2. Workarounds: The [patch](https://github.com/xwiki/xwiki-platform/commit/47eb8a5fba550f477944eb6da8ca91b87eaf1d01) can be manually applied by editing `IconThemesCode.IconPickerMacro` in the object editor. The whole document can also be replaced by the current version by importing the document from the XAR archive of a fixed version as the only changes to the document have been security fixes and small formatting changes.
References
URL
---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5j7g-cf6r-g2h7
https://github.com/xwiki/xwiki-platform/commit/47eb8a5fba550f477944eb6da8ca91b87eaf1d01
https://jira.xwiki.org/browse/XWIKI-19805
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 6.4-milestone-2, < 13.10.7; >= 14.0.0, < 14.4.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.585Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5j7g-cf6r-g2h7" }, { "tags": [ "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/47eb8a5fba550f477944eb6da8ca91b87eaf1d01" }, { "tags": [ "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19805" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 6.4-milestone-2, \u003c 13.10.7" }, { "status": "affected", "version": "\u003e= 14.0.0, \u003c 14.4.2" } ] } ], "descriptions": [ { "lang": "en", "value": "xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper neutralization of the macro parameters of the icon picker macro. The problem has been patched in XWiki 13.10.7, 14.5 and 14.4.2. Workarounds: The [patch](https://github.com/xwiki/xwiki-platform/commit/47eb8a5fba550f477944eb6da8ca91b87eaf1d01) can be manually applied by editing `IconThemesCode.IconPickerMacro` in the object editor. The whole document can also be replaced by the current version by importing the document from the XAR archive of a fixed version as the only changes to the document have been security fixes and small formatting changes." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-23T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5j7g-cf6r-g2h7" }, { "url": "https://github.com/xwiki/xwiki-platform/commit/47eb8a5fba550f477944eb6da8ca91b87eaf1d01" }, { "url": "https://jira.xwiki.org/browse/XWIKI-19805" } ], "source": { "advisory": "GHSA-5j7g-cf6r-g2h7", "discovery": "UNKNOWN" }, "title": "Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027) in xwiki-platform-icon-ui" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-41931", "datePublished": "2022-11-23T00:00:00", "dateReserved": "2022-09-30T00:00:00", "dateUpdated": "2024-08-03T12:56:38.585Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-38509
Vulnerability from cvelistv5
Published
2023-07-27 18:53
Modified
2024-08-02 17:46
Summary
XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and it was still possible to sort by obfuscated emails. This has been patched in XWiki 14.10.9 and XWiki 15.3-rc-1. A workaround is to modify the page `XWiki.LiveTableResultsMacros` following the patch.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g9w4-prf3-m25g | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0 | x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20601 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 3.5-milestone-1, < 14.10.9; >= 15.0, < 15.3-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:46:55.866Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g9w4-prf3-m25g", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g9w4-prf3-m25g" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20601", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20601" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 3.5-milestone-1, \u003c 14.10.9" }, { "status": "affected", "version": "\u003e= 15.0, \u003c 15.3-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. In org.xwiki.platform:xwiki-platform-livetable-ui starting with version 3.5-milestone-1 and prior to versions 14.10.9 and 15.3-rc-1, the mail obfuscation configuration was not fully taken into account and is was still possible by obfuscated emails. This has been patched in XWiki 14.10.9 and XWiki 15.3-rc-1. A workaround is to modify the page `XWiki.LiveTableResultsMacros` following the patch." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-402", "description": "CWE-402: Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-03-18T18:06:40.382Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g9w4-prf3-m25g", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g9w4-prf3-m25g" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/1dfb6804d4d412794cbe0098d4972b8ac263df0c" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20601", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20601" } ], "source": { "advisory": "GHSA-g9w4-prf3-m25g", "discovery": "UNKNOWN" }, "title": "XWiki Platform\u0027s obfuscated email addresses should not be sorted" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-38509", "datePublished": "2023-07-27T18:53:31.259Z", "dateReserved": "2023-07-18T16:28:12.078Z", "dateUpdated": "2024-08-02T17:46:55.866Z", 
"state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40176
Vulnerability from cvelistv5
Published
2023-08-23 19:33
Modified
2024-10-02 20:42
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. Even though the time zone is selected from a drop down (no free text value) it can still be set from JavaScript (using the browser developer tools) or by calling the save URL on the user profile with the right query string. Once the time zone is set it is displayed without escaping which means the payload gets executed for any user that visits the malicious user profile, allowing the attacker to steal information and even gain more access rights (escalation to programming rights). This issue is present since version 4.1M2 when the time zone user preference was introduced. The issue has been fixed in XWiki 14.10.5 and 15.1RC1.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h8cm-3v5f-rgp6 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/d11ca5d781f8a42a85bc98eb82306c1431e764d4 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-7847 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 4.1-milestone-2, < 14.10.5
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:55.636Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h8cm-3v5f-rgp6", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h8cm-3v5f-rgp6" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/d11ca5d781f8a42a85bc98eb82306c1431e764d4", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/d11ca5d781f8a42a85bc98eb82306c1431e764d4" }, { "name": "https://jira.xwiki.org/browse/XWIKI-7847", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-7847" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40176", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-02T20:39:23.203501Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-02T20:42:19.534Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 4.1-milestone-2, \u003c 14.10.5" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can exploit a stored XSS through their user profile by setting the payload as the value of the time zone user preference. 
Even though the time zone is selected from a drop down (no free text value) it can still be set from JavaScript (using the browser developer tools) or by calling the save URL on the user profile with the right query string. Once the time zone is set it is displayed without escaping which means the payload gets executed for any user that visits the malicious user profile, allowing the attacker to steal information and even gain more access rights (escalation to programming rights). This issue is present since version 4.1M2 when the time zone user preference was introduced. The issue has been fixed in XWiki 14.10.5 and 15.1RC1." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-23T19:33:15.234Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h8cm-3v5f-rgp6", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h8cm-3v5f-rgp6" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/d11ca5d781f8a42a85bc98eb82306c1431e764d4", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/d11ca5d781f8a42a85bc98eb82306c1431e764d4" }, { "name": "https://jira.xwiki.org/browse/XWIKI-7847", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-7847" } ], 
"source": { "advisory": "GHSA-h8cm-3v5f-rgp6", "discovery": "UNKNOWN" }, "title": "SXSS in the user profile via the timezone displayer" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-40176", "datePublished": "2023-08-23T19:33:15.234Z", "dateReserved": "2023-08-09T15:26:41.052Z", "dateUpdated": "2024-10-02T20:42:19.534Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23620
Vulnerability from cvelistv5
Published
2022-02-09 21:15
Modified
2024-08-03 03:51
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document references when serializing them on the filesystem, so it is possible for the HTML export process to contain reference elements containing filesystem syntax like "../", "./", or "/" in general. The referenced elements are not properly escaped. This issue has been resolved in version 13.6-rc-1. This issue can be worked around by limiting or disabling document export.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7ph6-5cmq-xgjq | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/ab778254fb8f71c774e1c1239368c44fe3b6bba5 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-18819 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 6.2-rc-1, < 13.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:51:44.194Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7ph6-5cmq-xgjq" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/ab778254fb8f71c774e1c1239368c44fe3b6bba5" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-18819" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 6.2-rc-1, \u003c 13.6" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document references when serializing it on filesystem, it is possible to for the HTML export process to contain reference elements containing filesystem syntax like \"../\", \"./\". or \"/\" in general. The referenced elements are not properly escaped. This issue has been resolved in version 13.6-rc-1. This issue can be worked around by limiting or disabling document export." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-09T21:15:12", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7ph6-5cmq-xgjq" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/ab778254fb8f71c774e1c1239368c44fe3b6bba5" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-18819" } ], "source": { "advisory": "GHSA-7ph6-5cmq-xgjq", "discovery": "UNKNOWN" }, "title": "Path traversal in xwiki-platform-skin-skinx", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-23620", "STATE": "PUBLIC", "TITLE": "Path traversal in xwiki-platform-skin-skinx" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e= 6.2-rc-1, \u003c 13.6" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. 
In affected versions AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document references when serializing it on filesystem, it is possible to for the HTML export process to contain reference elements containing filesystem syntax like \"../\", \"./\". or \"/\" in general. The referenced elements are not properly escaped. This issue has been resolved in version 13.6-rc-1. This issue can be worked around by limiting or disabling document export." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7ph6-5cmq-xgjq", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7ph6-5cmq-xgjq" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/ab778254fb8f71c774e1c1239368c44fe3b6bba5", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/ab778254fb8f71c774e1c1239368c44fe3b6bba5" }, { "name": "https://jira.xwiki.org/browse/XWIKI-18819", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-18819" } ] }, "source": { "advisory": "GHSA-7ph6-5cmq-xgjq", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-23620", "datePublished": "2022-02-09T21:15:12", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:51:44.194Z", 
"state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-50721
Vulnerability from cvelistv5
Published
2023-12-15 19:02
Modified
2024-08-02 22:16
Summary
XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search administration interface doesn't properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax containing script macros, including Groovy macros that allow remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki instance. This attack can be executed by any user who can edit some wiki page, such as the user's profile (editable by default), because user interface extensions that will be displayed in the search administration can be added on any document by any user. The necessary escaping has been added in XWiki 14.10.15, 15.5.2 and 15.7RC1. As a workaround, the patch can be manually applied to the page `XWiki.SearchAdmin`.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7654-vfh6-rw6x | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/62863736d78ffd60d822279c5fb7fb9593042766 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21200 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 4.5-rc-1, < 14.10.15; >= 15.0-rc-1, < 15.5.2; >= 15.6-rc-1, < 15.7-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:16:47.207Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7654-vfh6-rw6x", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7654-vfh6-rw6x" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/62863736d78ffd60d822279c5fb7fb9593042766", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/62863736d78ffd60d822279c5fb7fb9593042766" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21200", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-21200" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 4.5-rc-1, \u003c 14.10.15" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.5.2" }, { "status": "affected", "version": "\u003e= 15.6-rc-1, \u003c 15.7-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search administration interface doesn\u0027t properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax containing script macros including Groovy macros that allow remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki instance. This attack can be executed by any user who can edit some wiki page like the user\u0027s profile (editable by default) as user interface extensions that will be displayed in the search administration can be added on any document by any user. The necessary escaping has been added in XWiki 14.10.15, 15.5.2 and 15.7RC1. 
As a workaround, the patch can be applied manually applied to the page `XWiki.SearchAdmin`." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-15T19:02:46.076Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7654-vfh6-rw6x", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7654-vfh6-rw6x" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/62863736d78ffd60d822279c5fb7fb9593042766", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/62863736d78ffd60d822279c5fb7fb9593042766" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21200", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-21200" } ], "source": { "advisory": "GHSA-7654-vfh6-rw6x", "discovery": "UNKNOWN" }, "title": "XWiki Platform RCE from account through SearchAdmin" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-50721", "datePublished": "2023-12-15T19:02:46.076Z", "dateReserved": "2023-12-11T17:53:36.031Z", 
"dateUpdated": "2024-08-02T22:16:47.207Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-50722
Vulnerability from cvelistv5
Published
2023-12-15 19:02
Modified
2024-08-02 22:16
Summary
XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, there is a reflected XSS, and even direct remote code execution, vulnerability in the code for displaying configurable admin sections. The code that can be passed through a URL parameter is only executed when the user who is visiting the crafted URL has edit right on at least one configuration section. While any user of the wiki could easily create such a section, this vulnerability doesn't require the attacker to have an account or any access on the wiki. It is sufficient to trick any admin user of the XWiki installation into visiting the crafted URL. This vulnerability allows full remote code execution with programming rights and thus impacts the confidentiality, integrity and availability of the whole XWiki installation. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patch can be manually applied to the document `XWiki.ConfigurableClass`.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cp3j-273x-3jxc | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/5e14c8d08fd0c5b619833d35090b470aa4cb52b0 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21167 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 2.3, < 14.10.15; >= 15.0-rc-1, < 15.5.2; >= 15.6-rc-1, < 15.7-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:16:47.397Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cp3j-273x-3jxc", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cp3j-273x-3jxc" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/5e14c8d08fd0c5b619833d35090b470aa4cb52b0", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/5e14c8d08fd0c5b619833d35090b470aa4cb52b0" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21167", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-21167" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 2.3, \u003c 14.10.15" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.5.2" }, { "status": "affected", "version": "\u003e= 15.6-rc-1, \u003c 15.7-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, there is a reflected XSS or also direct remote code execution vulnerability in the code for displaying configurable admin sections. The code that can be passed through a URL parameter is only executed when the user who is visiting the crafted URL has edit right on at least one configuration section. While any user of the wiki could easily create such a section, this vulnerability doesn\u0027t require the attacker to have an account or any access on the wiki. It is sufficient to trick any admin user of the XWiki installation to visit the crafted URL. 
This vulnerability allows full remote code execution with programming rights and thus impacts the confidentiality, integrity and availability of the whole XWiki installation. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patch can be manually applied to the document `XWiki.ConfigurableClass`.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.7, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-15T19:02:52.134Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cp3j-273x-3jxc", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cp3j-273x-3jxc" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/5e14c8d08fd0c5b619833d35090b470aa4cb52b0", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/5e14c8d08fd0c5b619833d35090b470aa4cb52b0" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21167", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-21167" } ], "source": { "advisory": "GHSA-cp3j-273x-3jxc", "discovery": "UNKNOWN" }, "title": "XWiki Platform XSS/CSRF Remote Code Execution in XWiki.ConfigurableClass" } }, "cveMetadata": { 
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-50722", "datePublished": "2023-12-15T19:02:52.134Z", "dateReserved": "2023-12-11T17:53:36.031Z", "dateUpdated": "2024-08-02T22:16:47.397Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-31997
Vulnerability from cvelistv5
Published
2024-04-10 21:55
Modified
2024-08-13 13:49
Summary
XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user's own profile can create UI extensions. This allows remote code execution and thereby impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.19, 15.5.4 and 15.9-RC1. No known workarounds are available.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c2gg-4gq4-jv5j | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/171e7c7d0e56deaa7b3678657ae26ef95379b1ea | x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/1b2574eb966457ca4ef34e557376b8751d1be90d | x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/56748e154a9011f0d6239bec0823eaaeab6ec3f7 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21335 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | < 14.10.19; >= 15.0-rc-1, < 15.5.4; >= 15.6-rc-1, < 15.9-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T01:59:50.826Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c2gg-4gq4-jv5j", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c2gg-4gq4-jv5j" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/171e7c7d0e56deaa7b3678657ae26ef95379b1ea", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/171e7c7d0e56deaa7b3678657ae26ef95379b1ea" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/1b2574eb966457ca4ef34e557376b8751d1be90d", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/1b2574eb966457ca4ef34e557376b8751d1be90d" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/56748e154a9011f0d6239bec0823eaaeab6ec3f7", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/56748e154a9011f0d6239bec0823eaaeab6ec3f7" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21335", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-21335" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki", "vendor": "xwiki", "versions": [ { "lessThan": "14.10.19", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "15.5.4", "status": "affected", "version": "15.0-rc-1", "versionType": "custom" }, { "lessThan": "15.9-rc-1", "status": "affected", "version": "15.6-rc-1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-31997", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA 
Coordinator", "timestamp": "2024-04-11T17:43:17.439725Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-13T13:49:14.493Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 14.10.19" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.5.4" }, { "status": "affected", "version": "\u003e= 15.6-rc-1, \u003c 15.9-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, parameters of UI extensions are always interpreted as Velocity code and executed with programming rights. Any user with edit right on any document like the user\u0027s own profile can create UI extensions. This allows remote code execution and thereby impacts the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.19, 15.5.4 and 15.9-RC1. No known workarounds are available." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-10T21:55:43.475Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c2gg-4gq4-jv5j", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c2gg-4gq4-jv5j" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/171e7c7d0e56deaa7b3678657ae26ef95379b1ea", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/171e7c7d0e56deaa7b3678657ae26ef95379b1ea" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/1b2574eb966457ca4ef34e557376b8751d1be90d", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/1b2574eb966457ca4ef34e557376b8751d1be90d" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/56748e154a9011f0d6239bec0823eaaeab6ec3f7", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/56748e154a9011f0d6239bec0823eaaeab6ec3f7" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21335", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-21335" } ], "source": { "advisory": "GHSA-c2gg-4gq4-jv5j", "discovery": "UNKNOWN" }, "title": "XWiki Platform remote code execution from account through UIExtension parameters" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", 
"assignerShortName": "GitHub_M", "cveId": "CVE-2024-31997", "datePublished": "2024-04-10T21:55:43.475Z", "dateReserved": "2024-04-08T13:48:37.492Z", "dateUpdated": "2024-08-13T13:49:14.493Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36469
Vulnerability from cvelistv5
Published
2023-06-29 20:38
Modified
2024-11-26 19:14
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros, including Groovy and Python macros that allow remote code execution, including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.6 and 15.2RC1. Users are advised to update. As a workaround, the main security fix can be manually applied by patching the affected document `XWiki.Notifications.Code.NotificationRSSService`. This will break the link to the differences, though, as that requires additional changes to Velocity templates as shown in the patch. While the default template is available in the instance and can be easily patched, the template for mentions is contained in a `.jar` file and thus cannot be fixed without replacing that jar.
References
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 9.6-rc-1, < 14.10.6; >= 15.0-rc-1, < 15.2-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:45:56.686Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-94pf-92hw-2hjc", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-94pf-92hw-2hjc" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c#diff-7221a548809fa2ba34348556f4b5bd436463c559ebdf691197932ee7ce4478ca", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c#diff-7221a548809fa2ba34348556f4b5bd436463c559ebdf691197932ee7ce4478ca" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c#diff-b261c6eac3108c3e6e734054c28a78f59d3439ab72fe8582dadf87670a0d15a4", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c#diff-b261c6eac3108c3e6e734054c28a78f59d3439ab72fe8582dadf87670a0d15a4" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20610", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20610" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-36469", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-26T19:14:06.965467Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-26T19:14:16.578Z", "orgId": 
"134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 9.6-rc-1, \u003c 14.10.6" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.2-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile and notification settings can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.6 and 15.2RC1. Users are advised to update. As a workaround the main security fix can be manually applied by patching the affected document `XWiki.Notifications.Code.NotificationRSSService`. This will break the link to the differences, though as this requires additional changes to Velocity templates as shown in the patch. While the default template is available in the instance and can be easily patched, the template for mentions is contained in a `.jar`-file and thus cannot be fixed without replacing that jar." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-29T20:38:52.760Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-94pf-92hw-2hjc", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-94pf-92hw-2hjc" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c#diff-7221a548809fa2ba34348556f4b5bd436463c559ebdf691197932ee7ce4478ca", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c#diff-7221a548809fa2ba34348556f4b5bd436463c559ebdf691197932ee7ce4478ca" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c#diff-b261c6eac3108c3e6e734054c28a78f59d3439ab72fe8582dadf87670a0d15a4", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/217e5bb7a657f2991b154a16ef4d5ae9c29ad39c#diff-b261c6eac3108c3e6e734054c28a78f59d3439ab72fe8582dadf87670a0d15a4" }, { "name": 
"https://jira.xwiki.org/browse/XWIKI-20610", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20610" } ], "source": { "advisory": "GHSA-94pf-92hw-2hjc", "discovery": "UNKNOWN" }, "title": "Code injection through NotificationRSSService in XWiki Platform" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-36469", "datePublished": "2023-06-29T20:38:52.760Z", "dateReserved": "2023-06-21T18:50:41.700Z", "dateUpdated": "2024-11-26T19:14:16.578Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29516
Vulnerability from cvelistv5
Published
2023-04-18 23:51
Modified
2024-08-02 14:07
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on `XWiki.AttachmentSelector` can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping in the "Cancel and return to page" button. This page is installed by default. This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. There are no known workarounds for this vulnerability.
References
URL | Tags |
---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-3989-4c6x-725f | x_refsource_CONFIRM |
https://github.com/xwiki/xwiki-platform/commit/aca1d677c58563bbe6e35c9e1c29fd8b12ebb996 | x_refsource_MISC |
https://jira.xwiki.org/browse/XWIKI-20275 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
xwiki | xwiki-platform | < 13.10.11; >= 14.0.0, < 14.4.8; >= 14.5.0, < 14.10.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:07:46.426Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-3989-4c6x-725f", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-3989-4c6x-725f" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/aca1d677c58563bbe6e35c9e1c29fd8b12ebb996", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/aca1d677c58563bbe6e35c9e1c29fd8b12ebb996" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20275", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20275" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 13.10.11" }, { "status": "affected", "version": "\u003e= 14.0.0, \u003c 14.4.8" }, { "status": "affected", "version": "\u003e= 14.5.0, \u003c 14.10.1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on `XWiki.AttachmentSelector` can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping in the \"Cancel and return to page\" button. This page is installed by default. This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. 
There are no known workarounds for this vulnerability.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T23:51:58.775Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-3989-4c6x-725f", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-3989-4c6x-725f" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/aca1d677c58563bbe6e35c9e1c29fd8b12ebb996", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/aca1d677c58563bbe6e35c9e1c29fd8b12ebb996" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20275", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20275" } ], "source": { "advisory": "GHSA-3989-4c6x-725f", "discovery": "UNKNOWN" }, "title": "Code injection from view right on XWiki.AttachmentSelector in xwiki-platform" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29516", "datePublished": "2023-04-18T23:51:58.775Z", "dateReserved": "2023-04-07T18:56:54.627Z", "dateUpdated": "2024-08-02T14:07:46.426Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-31985
Vulnerability from cvelistv5
Published
2024-04-10 20:11
Modified
2024-08-02 01:59
Summary
XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, it is possible to schedule, trigger or unschedule existing jobs by having an admin visit the Job Scheduler page through a predictable URL, for example by embedding such a URL in any content as an image. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, manually apply the patch by modifying the `Scheduler.WebHome` page.
References
Impacted products
Vendor | Product | Version |
---|---|---|
xwiki | xwiki-platform | >= 3.1, < 14.10.19; >= 15.0-rc-1, < 15.5.4; >= 15.6-rc-1, < 15.9 |
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-31985", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-11T17:28:09.550279Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-06-04T17:37:18.406Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:59:50.770Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j2r6-r929-v6gf", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j2r6-r929-v6gf" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/8a92cb4bef7e5f244ae81eed3e64fe9be95827cf", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/8a92cb4bef7e5f244ae81eed3e64fe9be95827cf" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/efd3570f3e5e944ec0ad0899bf799bf9563aef87", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/efd3570f3e5e944ec0ad0899bf799bf9563aef87" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/f16ca4ef1513f84ce2e685d4a05d689bd3a2ab4c", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/f16ca4ef1513f84ce2e685d4a05d689bd3a2ab4c" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/f30d9c641750a3f034b5910c6a3a7724ae8f2269", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/f30d9c641750a3f034b5910c6a3a7724ae8f2269" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20851", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": 
"https://jira.xwiki.org/browse/XWIKI-20851" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 3.1, \u003c 14.10.19" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.5.4" }, { "status": "affected", "version": "\u003e= 15.6-rc-1, \u003c 15.9" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, it is possible to schedule/trigger/unschedule existing jobs by having an admin visit the Job Scheduler page through a predictable URL, for example by embedding such an URL in any content as an image. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, manually apply the patch by modifying the `Scheduler.WebHome` page." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-10T20:25:56.501Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j2r6-r929-v6gf", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j2r6-r929-v6gf" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/8a92cb4bef7e5f244ae81eed3e64fe9be95827cf", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/xwiki/xwiki-platform/commit/8a92cb4bef7e5f244ae81eed3e64fe9be95827cf" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/efd3570f3e5e944ec0ad0899bf799bf9563aef87", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/efd3570f3e5e944ec0ad0899bf799bf9563aef87" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/f16ca4ef1513f84ce2e685d4a05d689bd3a2ab4c", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/f16ca4ef1513f84ce2e685d4a05d689bd3a2ab4c" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/f30d9c641750a3f034b5910c6a3a7724ae8f2269", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/f30d9c641750a3f034b5910c6a3a7724ae8f2269" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20851", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20851" } ], "source": { "advisory": "GHSA-j2r6-r929-v6gf", "discovery": "UNKNOWN" }, "title": "XWiki Platform CSRF in the job scheduler" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-31985", "datePublished": "2024-04-10T20:11:53.091Z", "dateReserved": "2024-04-08T13:48:37.490Z", "dateUpdated": "2024-08-02T01:59:50.770Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29524
Vulnerability from cvelistv5
Published
2023-04-18 23:04
Modified
2024-08-02 14:14
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to execute anything with the rights of the Scheduler Application sheet page. A user without script or programming rights can edit their user profile with the object editor and add a new object of type XWiki.SchedulerJobClass; in "Job Script", Groovy code can be added and will be executed in the server context on viewing. This has been patched in XWiki 14.10.3 and 15.0 RC1. Users are advised to upgrade. There are no known workarounds for this issue.
References
URL | Tags |
---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fc42-5w56-qw7h | x_refsource_CONFIRM |
https://jira.xwiki.org/browse/XWIKI-20295 | x_refsource_MISC |
https://jira.xwiki.org/browse/XWIKI-20462 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
xwiki | xwiki-platform | < 14.10.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:14:38.584Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fc42-5w56-qw7h", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fc42-5w56-qw7h" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20295", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20295" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20462", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20462" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 14.10.3" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It\u0027s possible to execute anything with the right of the Scheduler Application sheet page. A user without script or programming rights, edit your user profile with the object editor and add a new object of type XWiki.SchedulerJobClass, In \"Job Script\", groovy code can be added and will be executed in the server context on viewing. This has been patched in XWiki 14.10.3 and 15.0 RC1. Users are advised to upgrade. There are no known workarounds for this issue." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T23:04:48.087Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fc42-5w56-qw7h", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fc42-5w56-qw7h" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20295", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20295" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20462", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20462" } ], "source": { "advisory": "GHSA-fc42-5w56-qw7h", "discovery": "UNKNOWN" }, "title": "Code injection from account through XWiki.SchedulerJobSheet in xwiki-platform" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29524", "datePublished": "2023-04-18T23:04:48.087Z", "dateReserved": "2023-04-07T18:56:54.629Z", "dateUpdated": "2024-08-02T14:14:38.584Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36470
Vulnerability from cvelistv5
Published
2023-06-29 20:31
Modified
2024-11-26 19:17
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By either creating a new document or editing an existing one with an icon set, an attacker can inject XWiki syntax and Velocity code that is executed with programming rights and thus allows remote code execution. There are different attack vectors; the simplest is Velocity code in the icon set's HTML or XWiki syntax definition. The [icon picker](https://extensions.xwiki.org/xwiki/bin/view/Extension/Icon%20Theme%20Application#HIconPicker) can be used to trigger the rendering of any icon set. The XWiki syntax variant of the icon set is also used without any escaping in some documents, allowing XWiki syntax including script macros to be injected into a document that might have programming right; for this, the currently used icon theme needs to be edited. Further, the HTML output of the icon set is emitted as JSON in the icon picker and this JSON is interpreted as XWiki syntax, again allowing the injection of script macros into a document with programming right and thus remote code execution. This impacts the confidentiality, integrity and availability of the whole XWiki instance. This issue has been patched in XWiki 14.10.6 and 15.1. Icon themes now require script right and the code in the icon theme is executed within the context of the icon theme, preventing any rights escalation. A macro for displaying icons has been introduced to avoid injecting the raw wiki syntax of an icon set into another document. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
URL | Tags |
---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fm68-j7ww-h9xf | x_refsource_CONFIRM |
https://github.com/xwiki/xwiki-platform/commit/46b542854978e9caa687a5c2b8817b8b17877d94 | x_refsource_MISC |
https://github.com/xwiki/xwiki-platform/commit/79418dd92ca11941b46987ef881bf50424898ff4 | x_refsource_MISC |
https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7 | x_refsource_MISC |
https://jira.xwiki.org/browse/XWIKI-20524 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
xwiki | xwiki-platform | >= 6.2-milestone-1, < 14.10.6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:45:57.109Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fm68-j7ww-h9xf", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fm68-j7ww-h9xf" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/46b542854978e9caa687a5c2b8817b8b17877d94", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/46b542854978e9caa687a5c2b8817b8b17877d94" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/79418dd92ca11941b46987ef881bf50424898ff4", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/79418dd92ca11941b46987ef881bf50424898ff4" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20524", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20524" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-36470", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-26T19:17:40.968740Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-26T19:17:50.731Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 6.2-milestone-1, \u003c 14.10.6" } ] } ], 
"descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By either creating a new or editing an existing document with an icon set, an attacker can inject XWiki syntax and Velocity code that is executed with programming rights and thus allows remote code execution. There are different attack vectors, the simplest is the Velocity code in the icon set\u0027s HTML or XWiki syntax definition. The [icon picker](https://extensions.xwiki.org/xwiki/bin/view/Extension/Icon%20Theme%20Application#HIconPicker) can be used to trigger the rendering of any icon set. The XWiki syntax variant of the icon set is also used without any escaping in some documents, allowing to inject XWiki syntax including script macros into a document that might have programming right, for this the currently used icon theme needs to be edited. Further, the HTML output of the icon set is output as JSON in the icon picker and this JSON is interpreted as XWiki syntax, allowing again the injection of script macros into a document with programming right and thus allowing remote code execution. This impacts the confidentiality, integrity and availability of the whole XWiki instance. This issue has been patched in XWiki 14.10.6 and 15.1. Icon themes now require script right and the code in the icon theme is executed within the context of the icon theme, preventing any rights escalation. A macro for displaying icons has been introduced to avoid injecting the raw wiki syntax of an icon set into another document. Users are advised to upgrade. 
There are no known workarounds for this vulnerability.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-29T20:31:54.366Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fm68-j7ww-h9xf", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fm68-j7ww-h9xf" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/46b542854978e9caa687a5c2b8817b8b17877d94", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/46b542854978e9caa687a5c2b8817b8b17877d94" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/79418dd92ca11941b46987ef881bf50424898ff4", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/79418dd92ca11941b46987ef881bf50424898ff4" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/b0cdfd893912baaa053d106a92e39fa1858843c7" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20524", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20524" } ], "source": { "advisory": "GHSA-fm68-j7ww-h9xf", "discovery": "UNKNOWN" }, "title": "Code injection in 
icon themes of XWiki Platform" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-36470", "datePublished": "2023-06-29T20:31:54.366Z", "dateReserved": "2023-06-21T18:50:41.701Z", "dateUpdated": "2024-11-26T19:17:50.731Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29507
Vulnerability from cvelistv5
Published
2023-04-16 06:52
Modified
2024-08-02 14:07
Summary
XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API directly returns a DocumentAuthors object, which allows any authors to be set on the document; since this author is used for checking rights, this can in turn allow subsequent execution of scripts. The problem has been patched in XWiki 14.10 and 14.4.7 by returning a safe script API.
References
URL | Tags |
---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pwfv-3cvg-9m4c | x_refsource_CONFIRM |
https://github.com/xwiki/xwiki-platform/commit/905cdd7c421dbf8c565557cdc773ab1aa9028f83 | x_refsource_MISC |
https://jira.xwiki.org/browse/XWIKI-20380 | x_refsource_MISC |
Impacted products
Vendor | Product | Version |
---|---|---|
xwiki | xwiki-platform | >= 14.5, < 14.10; >= 14.4.1, < 14.4.7 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:07:46.323Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pwfv-3cvg-9m4c", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pwfv-3cvg-9m4c" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/905cdd7c421dbf8c565557cdc773ab1aa9028f83", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/905cdd7c421dbf8c565557cdc773ab1aa9028f83" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20380", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20380" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 14.5, \u003c 14.10" }, { "status": "affected", "version": "\u003e= 14.4.1, \u003c 14.4.7" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of scripts since this author is used for checking rights. The problem has been patched in XWiki 14.10 and 14.4.7 by returning a safe script API." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-648", "description": "CWE-648: Incorrect Use of Privileged APIs", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-16T06:52:19.020Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pwfv-3cvg-9m4c", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pwfv-3cvg-9m4c" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/905cdd7c421dbf8c565557cdc773ab1aa9028f83", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/905cdd7c421dbf8c565557cdc773ab1aa9028f83" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20380", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20380" } ], "source": { "advisory": "GHSA-pwfv-3cvg-9m4c", "discovery": "UNKNOWN" }, "title": "org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29507", "datePublished": "2023-04-16T06:52:19.020Z", "dateReserved": "2023-04-07T18:56:54.626Z", "dateUpdated": "2024-08-02T14:07:46.323Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29212
Vulnerability from cvelistv5
Published
2023-04-16 06:39
Modified
2024-08-02 14:00
Severity ?
EPSS score ?
Summary
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki, which gives full access to the XWiki installation. The root cause is improper escaping of the included pages in the included documents edit panel. The problem has been patched in XWiki 14.4.7 and 14.10.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c5f4-p5wv-2475 | x_refsource_CONFIRM | |
https://github.com/xwiki/xwiki-platform/commit/22f249a0eb9f2a64214628217e812a994419b69f#diff-a51a252f0190274464027342b4e3eafc4ae32de4d9c17ef166e54fc5454c5689R214-R217 | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-20293 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform |
Version: >= 14.0-rc-1, < 14.4.7 Version: >= 14.5, < 14.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:15.997Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c5f4-p5wv-2475", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c5f4-p5wv-2475" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/22f249a0eb9f2a64214628217e812a994419b69f#diff-a51a252f0190274464027342b4e3eafc4ae32de4d9c17ef166e54fc5454c5689R214-R217", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/22f249a0eb9f2a64214628217e812a994419b69f#diff-a51a252f0190274464027342b4e3eafc4ae32de4d9c17ef166e54fc5454c5689R214-R217" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20293", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20293" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 14.0-rc-1, \u003c 14.4.7" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.10" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the included pages in the included documents edit panel. The problem has been patched on XWiki 14.4.7, and 14.10." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-16T06:39:52.119Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c5f4-p5wv-2475", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c5f4-p5wv-2475" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/22f249a0eb9f2a64214628217e812a994419b69f#diff-a51a252f0190274464027342b4e3eafc4ae32de4d9c17ef166e54fc5454c5689R214-R217", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/22f249a0eb9f2a64214628217e812a994419b69f#diff-a51a252f0190274464027342b4e3eafc4ae32de4d9c17ef166e54fc5454c5689R214-R217" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20293", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20293" } ], "source": { "advisory": "GHSA-c5f4-p5wv-2475", "discovery": "UNKNOWN" }, "title": "xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29212", "datePublished": "2023-04-16T06:39:52.119Z", "dateReserved": "2023-04-03T13:37:18.455Z", "dateUpdated": "2024-08-02T14:00:15.997Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", 
"dataVersion": "5.1" }
cve-2023-26474
Vulnerability from cvelistv5
Published
2023-03-02 18:12
Modified
2024-08-02 11:53
Severity ?
EPSS score ?
Summary
XWiki Platform is a generic wiki platform. Starting in version 13.10, wiki syntax stored in a text area property is executed with the rights of the document's existing content author rather than those of the user who supplied the property value, so a less privileged user can run content with that author's rights. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-3738-p9x3-mv9r | x_refsource_CONFIRM | |
https://jira.xwiki.org/browse/XWIKI-20373 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform |
Version: >= 13.10, < 13.10.11 Version: >= 14.0, < 14.4.7 Version: >= 14.5, < 14.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:53:54.184Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-3738-p9x3-mv9r", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-3738-p9x3-mv9r" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20373", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20373" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 13.10, \u003c 13.10.11" }, { "status": "affected", "version": "\u003e= 14.0, \u003c 14.4.7" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.10" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 13.10, it\u0027s possible to use the right of an existing document content author to execute a text area property. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-02T18:12:16.209Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-3738-p9x3-mv9r", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-3738-p9x3-mv9r" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20373", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20373" } ], "source": { "advisory": "GHSA-3738-p9x3-mv9r", "discovery": "UNKNOWN" }, "title": "XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-26474", "datePublished": "2023-03-02T18:12:16.209Z", "dateReserved": "2023-02-23T23:22:58.573Z", "dateUpdated": "2024-08-02T11:53:54.184Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23619
Vulnerability from cvelistv5
Published
2022-02-09 21:10
Modified
2024-08-03 03:51
Severity ?
EPSS score ?
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to guess whether a user has an account on the wiki by using the "Forgot your password" form, even if the wiki is closed to guest users. This problem has been patched in XWiki 12.10.9, 13.4.1 and 13.6RC1. Users are advised to update. There are no known workarounds for this issue.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-35fg-hjcr-j65f | x_refsource_CONFIRM | |
https://github.com/xwiki/xwiki-platform/commit/d8a3cce48e0ac1a0f4a3cea7a19747382d9c9494 | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-18787 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform |
Version: >= 13.6.0, < 13.6RC1 Version: >= 13.0.0, < 13.4.1 Version: < 12.10.9 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:51:45.542Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-35fg-hjcr-j65f" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/d8a3cce48e0ac1a0f4a3cea7a19747382d9c9494" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-18787" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 13.6.0, \u003c 13.6RC1" }, { "status": "affected", "version": "\u003e= 13.0.0, \u003c 13.4.1" }, { "status": "affected", "version": "\u003c 12.10.9" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it\u0027s possible to guess if a user has an account on the wiki by using the \"Forgot your password\" form, even if the wiki is closed to guest users. This problem has been patched on XWiki 12.10.9, 13.4.1 and 13.6RC1. Users are advised yo update. There are no known workarounds for this issue." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-09T21:10:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-35fg-hjcr-j65f" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/d8a3cce48e0ac1a0f4a3cea7a19747382d9c9494" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-18787" } ], "source": { "advisory": "GHSA-35fg-hjcr-j65f", "discovery": "UNKNOWN" }, "title": "Information exposure in xwiki-platform", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-23619", "STATE": "PUBLIC", "TITLE": "Information exposure in xwiki-platform" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e= 13.6.0, \u003c 13.6RC1" }, { "version_value": "\u003e= 13.0.0, \u003c 13.4.1" }, { "version_value": "\u003c 12.10.9" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. 
In affected versions it\u0027s possible to guess if a user has an account on the wiki by using the \"Forgot your password\" form, even if the wiki is closed to guest users. This problem has been patched on XWiki 12.10.9, 13.4.1 and 13.6RC1. Users are advised yo update. There are no known workarounds for this issue." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-35fg-hjcr-j65f", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-35fg-hjcr-j65f" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/d8a3cce48e0ac1a0f4a3cea7a19747382d9c9494", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/d8a3cce48e0ac1a0f4a3cea7a19747382d9c9494" }, { "name": "https://jira.xwiki.org/browse/XWIKI-18787", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-18787" } ] }, "source": { "advisory": "GHSA-35fg-hjcr-j65f", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-23619", "datePublished": "2022-02-09T21:10:11", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:51:45.542Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26470
Vulnerability from cvelistv5
Published
2023-03-02 18:37
Modified
2024-08-02 11:53
Severity ?
EPSS score ?
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to make the farm unusable by adding an object with a huge object number (e.g. 67108863) to a page. In most cases this exhausts the memory allocated to XWiki, and it does so again every time the document is manipulated. This issue has been patched in XWiki 14.0-rc-1.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-92wp-r7hm-42g7 | x_refsource_CONFIRM | |
https://github.com/xwiki/xwiki-platform/commit/04e5a89d2879b160cdfaea846024d3d9c1a525e6 | x_refsource_MISC | |
https://github.com/xwiki/xwiki-platform/commit/db3d1c62fc5fb59fefcda3b86065d2d362f55164 | x_refsource_MISC | |
https://github.com/xwiki/xwiki-platform/commit/fdfce062642b0ac062da5cda033d25482f4600fa | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-19223 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform |
Version: < 14.0-rc-1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:53:53.794Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-92wp-r7hm-42g7", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-92wp-r7hm-42g7" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/04e5a89d2879b160cdfaea846024d3d9c1a525e6", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/04e5a89d2879b160cdfaea846024d3d9c1a525e6" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/db3d1c62fc5fb59fefcda3b86065d2d362f55164", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/db3d1c62fc5fb59fefcda3b86065d2d362f55164" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/fdfce062642b0ac062da5cda033d25482f4600fa", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/fdfce062642b0ac062da5cda033d25482f4600fa" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19223", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19223" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 14.0-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It\u0027s possible to make the farm unusable by adding an object to a page with a huge number (e.g. 67108863). Most of the time this will fill the memory allocated to XWiki and make it unusable every time this document is manipulated. 
This issue has been patched in XWiki 14.0-rc-1.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-02T18:37:23.588Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-92wp-r7hm-42g7", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-92wp-r7hm-42g7" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/04e5a89d2879b160cdfaea846024d3d9c1a525e6", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/04e5a89d2879b160cdfaea846024d3d9c1a525e6" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/db3d1c62fc5fb59fefcda3b86065d2d362f55164", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/db3d1c62fc5fb59fefcda3b86065d2d362f55164" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/fdfce062642b0ac062da5cda033d25482f4600fa", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/fdfce062642b0ac062da5cda033d25482f4600fa" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19223", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19223" } ], "source": { "advisory": "GHSA-92wp-r7hm-42g7", "discovery": "UNKNOWN" }, "title": "In XWiki Platform, saving a document with a large object number leads to persistent OOM errors" 
} }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-26470", "datePublished": "2023-03-02T18:37:23.588Z", "dateReserved": "2023-02-23T23:22:58.572Z", "dateUpdated": "2024-08-02T11:53:53.794Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-31166
Vulnerability from cvelistv5
Published
2022-09-07 14:10
Modified
2024-08-03 07:11
Severity ?
EPSS score ?
Summary
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Starting in versions 11.3.7, 11.0.3, and 12.0RC1, it is possible to exploit a bug in XWikiRights resolution of groups to obtain privilege escalation. More specifically, editing a right with the object editor adds a supplementary empty value to the groups field, which is then resolved as a reference to the XWiki.WebHome page. Adding an XWikiGroup xobject to that page turns it into a group; any user placed in that group then obtains the privileges granted by the edited right. Note that this security issue is normally mitigated by the fact that XWiki.WebHome (and the XWiki space in general) should be protected against edit by default. The problem has been patched in XWiki 13.10.4 and 14.2RC1 so that empty values in XWikiRights are no longer considered. It's possible to work around the problem by setting appropriate rights on the XWiki.WebHome page to prevent users from editing it.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g4h6-qp44-wqvx | x_refsource_CONFIRM | |
https://github.com/xwiki/xwiki-platform/pull/1800 | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-15776 | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-18386 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform |
Version: >= 11.3.7, < 13.10.4 Version: >= 14.0-rc-1, < 14.2-rc-1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:11:39.699Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g4h6-qp44-wqvx" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/pull/1800" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-15776" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-18386" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 11.3.7, \u003c 13.10.4" }, { "status": "affected", "version": "\u003e= 14.0-rc-1, \u003c 14.2-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Starting in versions 11.3.7, 11.0.3, and 12.0RC1, it is possible to exploit a bug in XWikiRights resolution of groups to obtain privilege escalation. More specifically, editing a right with the object editor leads to adding a supplementary empty value to groups which is then resolved as a reference to XWiki.WebHome page. Adding an XWikiGroup xobject to that page then transforms it to a group, any user put in that group would then obtain the privileges related to the edited right. Note that this security issue is normally mitigated by the fact that XWiki.WebHome (and XWiki space in general) should be protected by default for edit rights. The problem has been patched in XWiki 13.10.4 and 14.2RC1 to not consider anymore empty values in XWikiRights. It\u0027s possible to work around the problem by setting appropriate rights on XWiki.WebHome page to prevent users to edit it." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269: Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-07T14:10:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g4h6-qp44-wqvx" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/pull/1800" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-15776" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-18386" } ], "source": { "advisory": "GHSA-g4h6-qp44-wqvx", "discovery": "UNKNOWN" }, "title": "XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-31166", "STATE": "PUBLIC", "TITLE": "XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e= 11.3.7, \u003c 13.10.4" }, { "version_value": "\u003e= 14.0-rc-1, \u003c 14.2-rc-1" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform Old Core is a core package for XWiki Platform, a generic 
wiki platform. Starting in versions 11.3.7, 11.0.3, and 12.0RC1, it is possible to exploit a bug in XWikiRights resolution of groups to obtain privilege escalation. More specifically, editing a right with the object editor leads to adding a supplementary empty value to groups which is then resolved as a reference to XWiki.WebHome page. Adding an XWikiGroup xobject to that page then transforms it to a group, any user put in that group would then obtain the privileges related to the edited right. Note that this security issue is normally mitigated by the fact that XWiki.WebHome (and XWiki space in general) should be protected by default for edit rights. The problem has been patched in XWiki 13.10.4 and 14.2RC1 to not consider anymore empty values in XWikiRights. It\u0027s possible to work around the problem by setting appropriate rights on XWiki.WebHome page to prevent users to edit it." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-269: Improper Privilege Management" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g4h6-qp44-wqvx", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g4h6-qp44-wqvx" }, { "name": "https://github.com/xwiki/xwiki-platform/pull/1800", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/pull/1800" }, { "name": "https://jira.xwiki.org/browse/XWIKI-15776", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-15776" }, { "name": "https://jira.xwiki.org/browse/XWIKI-18386", 
"refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-18386" } ] }, "source": { "advisory": "GHSA-g4h6-qp44-wqvx", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-31166", "datePublished": "2022-09-07T14:10:12", "dateReserved": "2022-05-18T00:00:00", "dateUpdated": "2024-08-03T07:11:39.699Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
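The resolution chain the CVE-2022-31166 record describes, as an added simplified model (this is illustration code, not XWiki's own implementation; the fallback of a blank reference to the current space's WebHome, the `Page` shape and the sample wiki are assumptions drawn from the description above):

```python
"""Model of CVE-2022-31166: an empty entry in an XWikiRights 'groups' field
resolving to XWiki.WebHome. Illustration only, not XWiki's code."""
from dataclasses import dataclass, field


@dataclass
class Page:
    reference: str                      # e.g. "XWiki.XWikiAdminGroup"
    is_group: bool = False              # True once the page carries an XWikiGroup xobject
    members: set = field(default_factory=set)


def resolve_reference(value, current_space="XWiki"):
    """Model of default document-reference resolution (assumption): a blank
    value falls back to the current space's WebHome, as the record describes."""
    value = value.strip()
    if not value:
        return f"{current_space}.WebHome"
    return value if "." in value else f"{current_space}.{value}"


def groups_vulnerable(groups_field):
    # Behaviour before 13.10.4 / 14.2RC1 as described: every comma-separated
    # piece is resolved, including the trailing empty one the object editor adds.
    return [resolve_reference(g) for g in groups_field.split(",")]


def groups_fixed(groups_field):
    # Patched behaviour: empty values are dropped before any resolution happens.
    return [resolve_reference(g) for g in groups_field.split(",") if g.strip()]


def right_applies_to(user, groups_field, pages, split):
    """Does the right whose 'groups' field is `groups_field` apply to `user`?"""
    return any(
        (page := pages.get(ref)) is not None and page.is_group and user in page.members
        for ref in split(groups_field)
    )


def scenario():
    """Constructed wiki: a right granted to XWiki.XWikiAdminGroup was saved through
    the object editor (trailing comma). The attacker, who can edit XWiki.WebHome,
    adds an XWikiGroup xobject there and lists themself as a member."""
    pages = {
        "XWiki.XWikiAdminGroup": Page("XWiki.XWikiAdminGroup", True, {"XWiki.Admin"}),
        "XWiki.WebHome": Page("XWiki.WebHome", True, {"XWiki.Mallory"}),
    }
    groups_field = "XWiki.XWikiAdminGroup,"
    return (
        right_applies_to("XWiki.Mallory", groups_field, pages, groups_vulnerable),
        right_applies_to("XWiki.Mallory", groups_field, pages, groups_fixed),
    )


if __name__ == "__main__":
    vulnerable, fixed = scenario()
    print("empty group resolved (vulnerable):", vulnerable)  # True
    print("empty group ignored (patched):    ", fixed)       # False
```

The practical check on an unpatched instance follows from the model: confirm that XWiki.WebHome (and the XWiki space) cannot be edited by ordinary users, and audit XWikiRights objects whose groups field ends in a comma.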
cve-2023-37911
Vulnerability from cvelistv5
Published
2023-10-25 17:19
Modified
2024-09-17 13:36
Severity ?
EPSS score ?
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 9.4-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, when a document has been deleted and re-created, it is possible for users with view right on the re-created document but not on the deleted document to view the contents of the deleted document. Such a situation might arise when rights were added to the deleted document. This can be exploited through the diff feature and, partially, through the REST API by using versions such as `deleted:1` (where the number counts the deletions in the wiki and is thus guessable). Given sufficient rights, the attacker can also re-create the deleted document, thus extending the scope to any deleted document as long as the attacker has edit right in the location of the deleted document. This vulnerability has been patched in XWiki 14.10.8 and 15.3 RC1 by properly checking rights when deleted revisions of a document are accessed. The only workaround is to regularly clean deleted documents to minimize the potential exposure. Extra care should be taken when deleting sensitive documents that are protected individually (and not, e.g., by being placed in a protected space) or deleting a protected space as a whole.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gh64-qxh5-4m33 | x_refsource_CONFIRM | |
https://github.com/xwiki/xwiki-platform/commit/f471f2a392aeeb9e51d59fdfe1d76fccf532523f | x_refsource_MISC | |
https://extensions.xwiki.org/xwiki/bin/view/Extension/Index%20Application#HPermanentlydeleteallpages | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-20684 | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-20685 | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-20817 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform |
Version: >= 9.4-rc-1, < 14.10.8 Version: >= 15.0-rc-1, < 15.3-rc-1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:23:27.888Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gh64-qxh5-4m33", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gh64-qxh5-4m33" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/f471f2a392aeeb9e51d59fdfe1d76fccf532523f", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/f471f2a392aeeb9e51d59fdfe1d76fccf532523f" }, { "name": "https://extensions.xwiki.org/xwiki/bin/view/Extension/Index%20Application#HPermanentlydeleteallpages", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://extensions.xwiki.org/xwiki/bin/view/Extension/Index%20Application#HPermanentlydeleteallpages" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20684", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20684" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20685", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20685" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20817", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20817" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-37911", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T18:36:31.402095Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-17T13:36:53.642Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", 
"versions": [ { "status": "affected", "version": "\u003e= 9.4-rc-1, \u003c 14.10.8" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.3-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 9.4-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, when a document has been deleted and re-created, it is possible for users with view right on the re-created document but not on the deleted document to view the contents of the deleted document. Such a situation might arise when rights were added to the deleted document. This can be exploited through the diff feature and, partially, through the REST API by using versions such as `deleted:1` (where the number counts the deletions in the wiki and is thus guessable). Given sufficient rights, the attacker can also re-create the deleted document, thus extending the scope to any deleted document as long as the attacker has edit right in the location of the deleted document. This vulnerability has been patched in XWiki 14.10.8 and 15.3 RC1 by properly checking rights when deleted revisions of a document are accessed. The only workaround is to regularly clean deleted documents to minimize the potential exposure. Extra care should be taken when deleting sensitive documents that are protected individually (and not, e.g., by being placed in a protected space) or deleting a protected space as a whole." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-668", "description": "CWE-668: Exposure of Resource to Wrong Sphere", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-25T17:19:46.416Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gh64-qxh5-4m33", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gh64-qxh5-4m33" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/f471f2a392aeeb9e51d59fdfe1d76fccf532523f", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/f471f2a392aeeb9e51d59fdfe1d76fccf532523f" }, { "name": "https://extensions.xwiki.org/xwiki/bin/view/Extension/Index%20Application#HPermanentlydeleteallpages", "tags": [ "x_refsource_MISC" ], "url": "https://extensions.xwiki.org/xwiki/bin/view/Extension/Index%20Application#HPermanentlydeleteallpages" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20684", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20684" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20685", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20685" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20817", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20817" } ], "source": { "advisory": "GHSA-gh64-qxh5-4m33", "discovery": "UNKNOWN" }, "title": "org.xwiki.platform:xwiki-platform-oldcore may leak data through deleted 
and re-created documents" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-37911", "datePublished": "2023-10-25T17:19:46.416Z", "dateReserved": "2023-07-10T17:51:29.611Z", "dateUpdated": "2024-09-17T13:36:53.642Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29513
Vulnerability from cvelistv5
Published
2023-04-18 23:46
Modified
2024-08-02 14:07
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. If guest has view right on any document, it is possible to create a new user using `distribution/firstadminuser.wiki` in the wrong context. This vulnerability has been patched in XWiki 15.0-rc-1 and 14.10.1. There is no known workaround other than upgrading.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fp36-mjw5-fmgx | x_refsource_CONFIRM
https://jira.xwiki.org/browse/XWIKI-19852 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20400 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | < 14.10.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:07:46.364Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fp36-mjw5-fmgx", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fp36-mjw5-fmgx" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19852", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19852" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20400", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20400" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 14.10.1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. If guest has view right on any document. It\u0027s possible to create a new user using the `distribution/firstadminuser.wiki` in the wrong context. This vulnerability has been patched in XWiki 15.0-rc-1 and 14.10.1. There is no known workaround other than upgrading." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T23:46:10.746Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fp36-mjw5-fmgx", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fp36-mjw5-fmgx" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19852", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19852" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20400", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20400" } ], "source": { "advisory": "GHSA-fp36-mjw5-fmgx", "discovery": "UNKNOWN" }, "title": "Users can be created even when registration is disabled without validation via the template macro in xwiki-platform" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29513", "datePublished": "2023-04-18T23:46:10.746Z", "dateReserved": "2023-04-07T18:56:54.627Z", "dateUpdated": "2024-08-02T14:07:46.364Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-21380
Vulnerability from cvelistv5
Published
2021-03-23 22:45
Modified
2024-08-03 18:09
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rating Script Service exposes an API to perform SQL requests without escaping the `from` and `where` search arguments. This can easily lead to SQL injection by any user having Script rights on XWiki. The problem has been patched in XWiki 12.9RC1. The only workaround besides upgrading XWiki is to uninstall the Ratings API from the Extension Manager.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-79rg-7mv3-jrr5 | x_refsource_CONFIRM
https://jira.xwiki.org/browse/XWIKI-17662 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | < 12.9
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:09:15.981Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-79rg-7mv3-jrr5" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-17662" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 12.9" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rating Script Service expose an API to perform SQL requests without escaping the from and where search arguments. This might lead to an SQL script injection quite easily for any user having Script rights on XWiki. The problem has been patched in XWiki 12.9RC1. The only workaround besides upgrading XWiki would be to uninstall the Ratings API in XWiki from the Extension Manager." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-23T22:45:15", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-79rg-7mv3-jrr5" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-17662" } ], "source": { "advisory": "GHSA-79rg-7mv3-jrr5", "discovery": "UNKNOWN" }, "title": "Rating Script Service expose XWiki to SQL injection", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-21380", "STATE": "PUBLIC", "TITLE": "Rating Script Service expose XWiki to SQL injection" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003c 12.9" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rating Script Service expose an API to perform SQL requests without escaping the from and where search arguments. This might lead to an SQL script injection quite easily for any user having Script rights on XWiki. 
The problem has been patched in XWiki 12.9RC1. The only workaround besides upgrading XWiki would be to uninstall the Ratings API in XWiki from the Extension Manager." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-89 SQL Injection" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-79rg-7mv3-jrr5", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-79rg-7mv3-jrr5" }, { "name": "https://jira.xwiki.org/browse/XWIKI-17662", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-17662" } ] }, "source": { "advisory": "GHSA-79rg-7mv3-jrr5", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-21380", "datePublished": "2021-03-23T22:45:15", "dateReserved": "2020-12-22T00:00:00", "dateUpdated": "2024-08-03T18:09:15.981Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41937
Vulnerability from cvelistv5
Published
2022-11-22 00:00
Modified
2024-08-03 12:56
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10.8. As a workaround, set the rights of the page Filter.WebHome so that only the main wiki administrators can view the application installed on the main wiki, or edit the page and apply the change described in commit fb49b4f.
References
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | < 13.10.8; >= 14.0.0, < 14.4.3; >= 14.5.0, < 14.6-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.552Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-q6jp-gcww-8v2j" }, { "tags": [ "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/fb49b4f289ee28e45cfada8e97e320cd3ed27113" }, { "tags": [ "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19758" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 13.10.8" }, { "status": "affected", "version": "\u003e= 14.0.0, \u003c 14.4.3" }, { "status": "affected", "version": "\u003e= 14.5.0, \u003c 14.6-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10.8. As a workaround, setting the right of the page Filter.WebHome and making sure only the main wiki administrators can view the application installed on main wiki or edit the page and apply the changed described in commit fb49b4f." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-22T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-q6jp-gcww-8v2j" }, { "url": "https://github.com/xwiki/xwiki-platform/commit/fb49b4f289ee28e45cfada8e97e320cd3ed27113" }, { "url": "https://jira.xwiki.org/browse/XWIKI-19758" } ], "source": { "advisory": "GHSA-q6jp-gcww-8v2j", "discovery": "UNKNOWN" }, "title": "Missing Authorization in XWiki Platform" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-41937", "datePublished": "2022-11-22T00:00:00", "dateReserved": "2022-09-30T00:00:00", "dateUpdated": "2024-08-03T12:56:38.552Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29525
Vulnerability from cvelistv5
Published
2023-04-18 23:01
Modified
2024-08-02 14:14
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Affected versions of xwiki are subject to code injection in the `since` parameter of the `/xwiki/bin/view/XWiki/Notifications/Code/LegacyNotificationAdministration` endpoint. This provides an XWiki syntax injection attack via the since-parameter, allowing privilege escalation from view to programming rights and subsequent code execution privilege. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.3, 14.4.8 and 14.10.3. Users are advised to upgrade. Users unable to upgrade may modify the page `XWiki.Notifications.Code.LegacyNotificationAdministration` to add the missing escaping. For versions < 14.6-rc-1 a workaround is to modify the file `<xwikiwebapp>/templates/distribution/eventmigration.wiki` to add the missing escaping.
References
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | < 14.4.8; >= 14.5.0, < 14.10.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:14:38.592Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jgg7-w2rj-58cj", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jgg7-w2rj-58cj" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/6d74e2e4aa03d19f0be385ab63ae9e0f0e90a766", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/6d74e2e4aa03d19f0be385ab63ae9e0f0e90a766" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/8e7c7f90f2ddaf067cb5b83b181af41513028754#diff-4e13f4ee4a42938bf1201b7ee71ca32edeacba22559daf0bcb89d534e0225949R70", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/8e7c7f90f2ddaf067cb5b83b181af41513028754#diff-4e13f4ee4a42938bf1201b7ee71ca32edeacba22559daf0bcb89d534e0225949R70" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20287", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20287" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 14.4.8" }, { "status": "affected", "version": "\u003e= 14.5.0, \u003c 14.10.3." } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Affected versions of xwiki are subject to code injection in the `since` parameter of the `/xwiki/bin/view/XWiki/Notifications/Code/LegacyNotificationAdministration` endpoint. This provides an XWiki syntax injection attack via the since-parameter, allowing privilege escalation from view to programming rights and subsequent code execution privilege. 
The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.3, 14.4.8 and 14.10.3. Users are advised to upgrade. Users unable to upgrade may modify the page `XWiki.Notifications.Code.LegacyNotificationAdministration` to add the missing escaping. For versions \u003c 14.6-rc-1 a workaround is to modify the file `\u003cxwikiwebapp\u003e/templates/distribution/eventmigration.wiki` to add the missing escaping." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T23:01:46.239Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jgg7-w2rj-58cj", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jgg7-w2rj-58cj" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/6d74e2e4aa03d19f0be385ab63ae9e0f0e90a766", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/6d74e2e4aa03d19f0be385ab63ae9e0f0e90a766" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/8e7c7f90f2ddaf067cb5b83b181af41513028754#diff-4e13f4ee4a42938bf1201b7ee71ca32edeacba22559daf0bcb89d534e0225949R70", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/xwiki/xwiki-platform/commit/8e7c7f90f2ddaf067cb5b83b181af41513028754#diff-4e13f4ee4a42938bf1201b7ee71ca32edeacba22559daf0bcb89d534e0225949R70" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20287", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20287" } ], "source": { "advisory": "GHSA-jgg7-w2rj-58cj", "discovery": "UNKNOWN" }, "title": "Privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration in xwiki-platform" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29525", "datePublished": "2023-04-18T23:01:46.239Z", "dateReserved": "2023-04-07T18:56:54.629Z", "dateUpdated": "2024-08-02T14:14:38.592Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-34465
Vulnerability from cvelistv5
Published
2023-06-23 15:07
Modified
2024-11-29 14:38
Summary
XWiki Platform is a generic wiki platform. Starting in version 11.8-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.2, `Mail.MailConfig` can be edited by any logged-in user by default. Consequently, they can change the mail obfuscation configuration and view and edit the mail sending configuration, including the SMTP domain name and credentials. The problem has been patched in XWiki 14.4.8, 14.10.6, and 15.1. As a workaround, the rights of the `Mail.MailConfig` page can be manually updated so that only a set of trusted users (e.g., the `XWiki.XWikiAdminGroup` group) can view, edit and delete it.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g75c-cjr6-39mc | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/8910b8857d3442d2e8142f655fdc0512930354d1 | x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/d28d7739089e1ae8961257d9da7135d1a01cb7d4 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20519 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20671 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 11.8-rc-1, < 14.4.8; >= 14.5, < 14.10.6; >= 15.0-rc-1, < 15.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:10:06.971Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g75c-cjr6-39mc", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g75c-cjr6-39mc" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/8910b8857d3442d2e8142f655fdc0512930354d1", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/8910b8857d3442d2e8142f655fdc0512930354d1" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/d28d7739089e1ae8961257d9da7135d1a01cb7d4", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/d28d7739089e1ae8961257d9da7135d1a01cb7d4" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20519", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20519" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20671", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20671" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-34465", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-29T14:37:52.504732Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-29T14:38:11.552Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 11.8-rc-1, \u003c 14.4.8" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.10.6" }, { "status": "affected", "version": 
"\u003e= 15.0-rc-1, \u003c 15.1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 11.8-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.2, `Mail.MailConfig` can be edited by any logged-in user by default. Consequently, they can change the mail obfuscation configuration and view and edit the mail sending configuration, including the smtp domain name and credentials. The problem has been patched in XWiki 14.4.8, 14.10.6, and 15.1. As a workaround, the rights of the `Mail.MailConfig` page can be manually updated so that only a set of trusted users can view, edit and delete it (e.g., the `XWiki.XWikiAdminGroup` group)." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269: Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-23T15:07:59.732Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g75c-cjr6-39mc", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g75c-cjr6-39mc" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/8910b8857d3442d2e8142f655fdc0512930354d1", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/8910b8857d3442d2e8142f655fdc0512930354d1" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/d28d7739089e1ae8961257d9da7135d1a01cb7d4", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/xwiki/xwiki-platform/commit/d28d7739089e1ae8961257d9da7135d1a01cb7d4" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20519", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20519" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20671", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20671" } ], "source": { "advisory": "GHSA-g75c-cjr6-39mc", "discovery": "UNKNOWN" }, "title": "XWiki Platform\u0027s Mail.MailConfig can be edited by any user with edit rights" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-34465", "datePublished": "2023-06-23T15:07:59.732Z", "dateReserved": "2023-06-06T16:16:53.560Z", "dateUpdated": "2024-11-29T14:38:11.552Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-37901
Vulnerability from cvelistv5
Published
2024-07-31 15:19
Modified
2024-08-13 13:37
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` and `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.21, 15.5.5 and 15.10.2.
References
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 15.6-rc-1, < 15.10.2; >= 15.0-rc-1, < 15.5.5; >= 9.2-rc-1, < 14.10.21
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki", "vendor": "xwiki", "versions": [ { "lessThan": "15.10.2", "status": "affected", "version": "15.6-rc-1", "versionType": "custom" }, { "lessThan": "15.5.5", "status": "affected", "version": "15.0-rc-1", "versionType": "custom" }, { "lessThan": "14.10.21", "status": "affected", "version": "9.2-rc-1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-37901", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-06T19:00:10.576097Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-13T13:37:05.363Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 15.6-rc-1, \u003c 15.10.2" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.5.5" }, { "status": "affected", "version": "\u003e= 9.2-rc-1, \u003c 14.10.21" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit right on any page can perform arbitrary remote code execution by adding instances of `XWiki.SearchSuggestConfig` and `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.21, 15.5.5 and 15.10.2." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-31T15:19:36.588Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h63h-5c77-77p5", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h63h-5c77-77p5" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/0b135760514fef73db748986a3311f3edd4a553b", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/0b135760514fef73db748986a3311f3edd4a553b" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/742cd4591642be4cdcaf68325f17540e0934e64e", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/742cd4591642be4cdcaf68325f17540e0934e64e" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/9ce3e0319869b6d8131fc4e0909736f7041566a4", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/9ce3e0319869b6d8131fc4e0909736f7041566a4" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/bbde8a4f564e3c28839440076334a9093e2b4834", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/xwiki/xwiki-platform/commit/bbde8a4f564e3c28839440076334a9093e2b4834" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21473", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-21473" } ], "source": { "advisory": "GHSA-h63h-5c77-77p5", "discovery": "UNKNOWN" }, "title": "XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-37901", "datePublished": "2024-07-31T15:19:36.588Z", "dateReserved": "2024-06-10T19:54:41.362Z", "dateUpdated": "2024-08-13T13:37:05.363Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36091
Vulnerability from cvelistv5
Published: 2022-09-08 16:10
Modified: 2024-08-03 09:52
Summary
XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. Through the suggestion feature, string and list properties of objects the user shouldn't have access to can be accessed in versions prior to 13.10.4 and 14.2. This includes private personal information like email addresses and salted password hashes of registered users but also other information stored in properties of objects. Sensitive configuration fields like passwords for LDAP or SMTP servers could be accessed. By exploiting an additional vulnerability, this issue can even be exploited on private wikis at least for string properties. The issue is patched in version 13.10.4 and 14.2. Password properties are no longer displayed and rights are checked for other properties. A workaround is available. The template file `suggest.vm` can be replaced by a patched version without upgrading or restarting XWiki unless it has been overridden, in which case the overridden template should be patched, too. This might need adjustments for older versions, though.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-599v-w48h-rjrm | x_refsource_CONFIRM
https://jira.xwiki.org/browse/XWIKI-18849 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 1.3, < 13.10.4; >= 14.0, < 14.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:52:00.523Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-599v-w48h-rjrm" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-18849" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 1.3, \u003c 13.10.4" }, { "status": "affected", "version": "\u003e= 14.0, \u003c 14.2" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. Through the suggestion feature, string and list properties of objects the user shouldn\u0027t have access to can be accessed in versions prior to 13.10.4 and 14.2. This includes private personal information like email addresses and salted password hashes of registered users but also other information stored in properties of objects. Sensitive configuration fields like passwords for LDAP or SMTP servers could be accessed. By exploiting an additional vulnerability, this issue can even be exploited on private wikis at least for string properties. The issue is patched in version 13.10.4 and 14.2. Password properties are no longer displayed and rights are checked for other properties. A workaround is available. The template file `suggest.vm` can be replaced by a patched version without upgrading or restarting XWiki unless it has been overridden, in which case the overridden template should be patched, too. This might need adjustments for older versions, though." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-359", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-08T16:10:09", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-599v-w48h-rjrm" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-18849" } ], "source": { "advisory": "GHSA-599v-w48h-rjrm", "discovery": "UNKNOWN" }, "title": "XWiki Platform Web Templates vulnerable to Missing Authorization and Exposure of Private Personal Information to an Unauthorized Actor", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-36091", "STATE": "PUBLIC", "TITLE": "XWiki Platform Web Templates vulnerable to Missing Authorization and Exposure of Private Personal Information to an Unauthorized Actor" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e= 1.3, \u003c 13.10.4" }, { "version_value": "\u003e= 14.0, \u003c 14.2" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki 
Platform Web Templates are templates for XWiki Platform, a generic wiki platform. Through the suggestion feature, string and list properties of objects the user shouldn\u0027t have access to can be accessed in versions prior to 13.10.4 and 14.2. This includes private personal information like email addresses and salted password hashes of registered users but also other information stored in properties of objects. Sensitive configuration fields like passwords for LDAP or SMTP servers could be accessed. By exploiting an additional vulnerability, this issue can even be exploited on private wikis at least for string properties. The issue is patched in version 13.10.4 and 14.2. Password properties are no longer displayed and rights are checked for other properties. A workaround is available. The template file `suggest.vm` can be replaced by a patched version without upgrading or restarting XWiki unless it has been overridden, in which case the overridden template should be patched, too. This might need adjustments for older versions, though." 
} ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-862: Missing Authorization" } ] }, { "description": [ { "lang": "eng", "value": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-599v-w48h-rjrm", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-599v-w48h-rjrm" }, { "name": "https://jira.xwiki.org/browse/XWIKI-18849", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-18849" } ] }, "source": { "advisory": "GHSA-599v-w48h-rjrm", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-36091", "datePublished": "2022-09-08T16:10:09", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2024-08-03T09:52:00.523Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29517
Vulnerability from cvelistv5
Published: 2023-04-18 23:54
Modified: 2024-08-02 14:07
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The office document viewer macro was allowing anyone to see any file content from the hosting server, provided that the office server was connected and depending on the permissions of the user running the servlet engine (e.g. Tomcat) running XWiki. The same vulnerability also allowed performing internal requests to resources from the hosting server. The problem has been patched in XWiki 13.10.11, 14.10.1, 14.4.8, 15.0-rc-1. Users are advised to upgrade. It might be possible to work around this vulnerability by running XWiki in a sandbox with a user with very low privileges on the machine.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m3c3-9qj7-7xmx | x_refsource_CONFIRM
https://jira.xwiki.org/browse/XWIKI-20324 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20447 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20449 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | < 13.10.11; >= 14.0.0, < 14.4.8; >= 14.5.0, < 14.10.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:07:46.253Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m3c3-9qj7-7xmx", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m3c3-9qj7-7xmx" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20324", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20324" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20447", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20447" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20449", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20449" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 13.10.11" }, { "status": "affected", "version": "\u003e= 14.0.0, \u003c 14.4.8" }, { "status": "affected", "version": "\u003e= 14.5.0, \u003c 14.10.1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The office document viewer macro was allowing anyone to see any file content from the hosting server, provided that the office server was connected and depending on the permissions of the user running the servlet engine (e.g. tomcat) running XWiki. The same vulnerability also allowed to perform internal requests to resources from the hosting server. The problem has been patched in XWiki 13.10.11, 14.10.1, 14.4.8, 15.0-rc-1. Users are advised to upgrade. 
It might be possible to workaround this vulnerability by running XWiki in a sandbox with a user with very low privileges on the machine.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T23:54:12.665Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m3c3-9qj7-7xmx", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m3c3-9qj7-7xmx" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20324", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20324" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20447", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20447" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20449", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20449" } ], "source": { "advisory": "GHSA-m3c3-9qj7-7xmx", "discovery": "UNKNOWN" }, "title": "Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29517", "datePublished": "2023-04-18T23:54:12.665Z", "dateReserved": "2023-04-07T18:56:54.628Z", "dateUpdated": "2024-08-02T14:07:46.253Z", "state": "PUBLISHED" 
}, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32730
Vulnerability from cvelistv5
Published: 2021-07-01 17:30
Modified: 2024-08-03 23:33
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A cross-site request forgery vulnerability exists in versions prior to 12.10.5, and in versions 13.0 through 13.1. It's possible to forge a URL that, when accessed by an admin, will reset the password of any user in XWiki. The problem has been patched in XWiki 12.10.5 and 13.2RC1. As a workaround, it is possible to apply the patch manually by modifying the `register_macros.vm` template.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v9j2-q4q5-cxh4 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/0a36dbcc5421d450366580217a47cc44d32f7257 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-18315 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | < 12.10.5; >= 13.0, <= 13.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:33:55.828Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v9j2-q4q5-cxh4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/0a36dbcc5421d450366580217a47cc44d32f7257" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-18315" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 12.10.5" }, { "status": "affected", "version": "\u003e= 13.0, \u003c= 13.1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A cross-site request forgery vulnerability exists in versions prior to 12.10.5, and in versions 13.0 through 13.1. It\u0027s possible for forge an URL that, when accessed by an admin, will reset the password of any user in XWiki. The problem has been patched in XWiki 12.10.5 and 13.2RC1. As a workaround, it is possible to apply the patch manually by modifying the `register_macros.vm` template." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-01T17:30:13", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v9j2-q4q5-cxh4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/0a36dbcc5421d450366580217a47cc44d32f7257" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-18315" } ], "source": { "advisory": "GHSA-v9j2-q4q5-cxh4", "discovery": "UNKNOWN" }, "title": "No CSRF protection on the password change form", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32730", "STATE": "PUBLIC", "TITLE": "No CSRF protection on the password change form" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003c 12.10.5" }, { "version_value": "\u003e= 13.0, \u003c= 13.1" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. 
A cross-site request forgery vulnerability exists in versions prior to 12.10.5, and in versions 13.0 through 13.1. It\u0027s possible for forge an URL that, when accessed by an admin, will reset the password of any user in XWiki. The problem has been patched in XWiki 12.10.5 and 13.2RC1. As a workaround, it is possible to apply the patch manually by modifying the `register_macros.vm` template." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-352: Cross-Site Request Forgery (CSRF)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v9j2-q4q5-cxh4", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v9j2-q4q5-cxh4" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/0a36dbcc5421d450366580217a47cc44d32f7257", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/0a36dbcc5421d450366580217a47cc44d32f7257" }, { "name": "https://jira.xwiki.org/browse/XWIKI-18315", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-18315" } ] }, "source": { "advisory": "GHSA-v9j2-q4q5-cxh4", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32730", "datePublished": "2021-07-01T17:30:13", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:33:55.828Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-31983
Vulnerability from cvelistv5
Published: 2024-04-10 19:44
Modified: 2024-08-13 13:54
Summary
XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations (script right for user-scope translations, wiki admin for translations on the wiki). Starting in version 4.3-milestone-2 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, this can be exploited for remote code execution if the translation value is not properly escaped where it is used. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may restrict edit rights on documents that contain translations.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xxp2-9c9g-7wmj | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/2a9ce88f33663c53c9c63b2ea573f4720ea2efb9 | x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/73aef9648bbff04b697837f1b906932f0d5caacb | x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/c4c8d61c30de72298d805ccc82df2a307f131c54 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21411 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 4.3-milestone-2, < 14.10.20; >= 15.0-rc-1, < 15.5.4; >= 15.6-rc-1, < 15.10-rc-1
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki", "vendor": "xwiki", "versions": [ { "lessThan": "15.5.4", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "15.10-rc-1", "status": "affected", "version": "15.6-rc-1", "versionType": "custom" }, { "lessThan": "14.10.20", "status": "affected", "version": "4.3-milestone-2", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-31983", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-03T14:28:02.851069Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-13T13:54:49.159Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:59:50.829Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xxp2-9c9g-7wmj", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xxp2-9c9g-7wmj" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/2a9ce88f33663c53c9c63b2ea573f4720ea2efb9", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/2a9ce88f33663c53c9c63b2ea573f4720ea2efb9" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/73aef9648bbff04b697837f1b906932f0d5caacb", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/73aef9648bbff04b697837f1b906932f0d5caacb" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/c4c8d61c30de72298d805ccc82df2a307f131c54", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": 
"https://github.com/xwiki/xwiki-platform/commit/c4c8d61c30de72298d805ccc82df2a307f131c54" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21411", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-21411" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 4.3-milestone-2, \u003c 14.10.20" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.5.4" }, { "status": "affected", "version": "\u003e= 15.6-rc-1, \u003c 15.10-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations (script right for user-scope translations, wiki admin for translations on the wiki). Starting in version 4.3-milestone-2 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, this can be exploited for remote code execution if the translation value is not properly escaped where it is used. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may restrict edit rights on documents that contain translations." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-10T19:52:42.048Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xxp2-9c9g-7wmj", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xxp2-9c9g-7wmj" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/2a9ce88f33663c53c9c63b2ea573f4720ea2efb9", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/2a9ce88f33663c53c9c63b2ea573f4720ea2efb9" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/73aef9648bbff04b697837f1b906932f0d5caacb", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/73aef9648bbff04b697837f1b906932f0d5caacb" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/c4c8d61c30de72298d805ccc82df2a307f131c54", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/c4c8d61c30de72298d805ccc82df2a307f131c54" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21411", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-21411" } ], "source": { "advisory": "GHSA-xxp2-9c9g-7wmj", "discovery": "UNKNOWN" }, "title": "XWiki Platform: Remote code execution from edit in multilingual wikis via translations" } }, "cveMetadata": { "assignerOrgId": 
"a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-31983", "datePublished": "2024-04-10T19:44:48.503Z", "dateReserved": "2024-04-08T13:48:37.490Z", "dateUpdated": "2024-08-13T13:54:49.159Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29526
Vulnerability from cvelistv5
Published: 2023-04-18 22:57
Modified: 2024-08-02 14:14
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to display or interact with any page a user cannot access through the combination of the async and display macros. A comment with either macro will be executed when viewed providing a code injection vector in the context of the running server. This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.3, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no known workarounds for this issue.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gpq5-7p34-vqx5 | x_refsource_CONFIRM
https://jira.xwiki.org/browse/XRENDERING-694 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20394 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 10.11.1, < 13.10.11; >= 14.0.0, < 14.4.8; >= 14.5.0, < 14.10.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:14:38.636Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gpq5-7p34-vqx5", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gpq5-7p34-vqx5" }, { "name": "https://jira.xwiki.org/browse/XRENDERING-694", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XRENDERING-694" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20394", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20394" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 10.11.1, \u003c 13.10.11" }, { "status": "affected", "version": "\u003e= 14.0.0, \u003c 14.4.8" }, { "status": "affected", "version": "\u003e= 14.5.0, \u003c 14.10.3" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it\u0027s possible to display or interact with any page a user cannot access through the combination of the async and display macros. A comment with either macro will be executed when viewed providing a code injection vector in the context of the running server. This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.3, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no known workarounds for this issue." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T22:57:29.722Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gpq5-7p34-vqx5", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gpq5-7p34-vqx5" }, { "name": "https://jira.xwiki.org/browse/XRENDERING-694", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XRENDERING-694" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20394", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20394" } ], "source": { "advisory": "GHSA-gpq5-7p34-vqx5", "discovery": "UNKNOWN" }, "title": "Async and display macro allow displaying and interacting with any document in restricted mode" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29526", "datePublished": "2023-04-18T22:57:29.722Z", "dateReserved": "2023-04-07T18:56:54.629Z", "dateUpdated": "2024-08-02T14:14:38.636Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-41947
Vulnerability from cvelistv5
Published: 2024-07-31 15:24
Modified: 2024-08-13 13:36
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.8 and 16.3.0RC1.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-692v-783f-mg8x | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/821d43ec45e67d45a6735a0717b9b77fffc1cd9f | x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/e00e159d3737397eebd1f6ff925c1f5cb7cdec34 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21626 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 11.8-rc-1, < 15.10.8
xwiki | xwiki-platform | >= 16.0.0-rc-1, < 16.3.0-rc-1
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki", "vendor": "xwiki", "versions": [ { "lessThan": "15.10.8", "status": "affected", "version": "11.8-rc-1", "versionType": "custom" }, { "lessThan": "16.3.0-rc-1", "status": "affected", "version": "16.0.0-rc-1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-41947", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-31T15:55:49.598423Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-13T13:36:59.723Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 11.8-rc-1, \u003c 15.10.8" }, { "status": "affected", "version": "\u003e= 16.0.0-rc-1, \u003c 16.3.0-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.8 and 16.3.0RC1." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-31T15:24:20.271Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-692v-783f-mg8x", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-692v-783f-mg8x" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/821d43ec45e67d45a6735a0717b9b77fffc1cd9f", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/821d43ec45e67d45a6735a0717b9b77fffc1cd9f" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/e00e159d3737397eebd1f6ff925c1f5cb7cdec34", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/e00e159d3737397eebd1f6ff925c1f5cb7cdec34" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21626", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-21626" } ], "source": { "advisory": "GHSA-692v-783f-mg8x", "discovery": "UNKNOWN" }, "title": "XWiki Platform XSS through conflict resolution" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-41947", "datePublished": "2024-07-31T15:24:20.271Z", "dateReserved": "2024-07-24T16:51:40.948Z", "dateUpdated": "2024-08-13T13:36:59.723Z", "state": 
"PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-55879
Vulnerability from cvelistv5
Published
2024-12-12 19:17
Modified
2024-12-13 14:54
Summary
XWiki Platform is a generic wiki platform. Starting in version 2.3 and prior to versions 15.10.9, 16.3.0, any user with script rights can perform arbitrary remote code execution by adding instances of `XWiki.ConfigurableClass` to any page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.9 and 16.3.0. No known workarounds are available except upgrading.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r279-47wg-chpr | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/8493435ff9606905a2d913607d6c79862d0c168d | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21207 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 2.3, < 15.10.9
xwiki | xwiki-platform | >= 16.0.0-rc-1, < 16.3.0
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-55879", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-13T14:50:04.671966Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-13T14:54:21.161Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "references": [ { "tags": [ "exploit" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wh34-m772-5398" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 2.3, \u003c 15.10.9" }, { "status": "affected", "version": "\u003e= 16.0.0-rc-1, \u003c 16.3.0" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 2.3 and prior to versions 15.10.9, 16.3.0, any user with script rights can perform arbitrary remote code execution by adding instances of `XWiki.ConfigurableClass` to any page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.9 and 16.3.0. No known workarounds are available except upgrading." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-12T19:17:38.138Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r279-47wg-chpr", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r279-47wg-chpr" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/8493435ff9606905a2d913607d6c79862d0c168d", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/8493435ff9606905a2d913607d6c79862d0c168d" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21207", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-21207" } ], "source": { "advisory": "GHSA-r279-47wg-chpr", "discovery": "UNKNOWN" }, "title": "XWiki allows RCE from script right in configurable sections" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-55879", "datePublished": "2024-12-12T19:17:38.138Z", "dateReserved": "2024-12-11T15:46:36.421Z", "dateUpdated": "2024-12-13T14:54:21.161Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
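The records on this page express affected versions as comparator lists (">= 12.9-rc-1, < 14.4.8") over XWiki's release naming, which mixes forms such as "13.3RC1", "16.0.0-rc-1" and plain "15.10.8". Since the only remediation given for several of these records is upgrading, the first practical question is whether a given installed version falls inside any listed range. The following Python is an added example, not part of the CVE records or of XWiki itself: it parses those version strings into comparable tuples and evaluates the ranges copied from the affected-products tables on this page. The ordering rule for pre-releases (rc and milestone builds sort before the final release carrying the same number) is an assumption drawn from XWiki's public release naming, not a vendor specification.

```python
"""Check an installed XWiki version against the affected ranges recorded on this page.

Added example; not XWiki code and not part of the CVE records. The range
expressions below are copied from the affected-products tables on this page.
Pre-release ordering (rc / milestone before final) is an assumption based on
XWiki's public release naming.
"""
import re

# Constructed from the records on this page: CVE id -> CNA affected-version expressions.
AFFECTED = {
    "CVE-2024-41947": [">= 11.8-rc-1, < 15.10.8", ">= 16.0.0-rc-1, < 16.3.0-rc-1"],
    "CVE-2024-55879": [">= 2.3, < 15.10.9", ">= 16.0.0-rc-1, < 16.3.0"],
    "CVE-2022-41933": [">= 13.1RC1, < 13.10.8", ">= 14.0.0, < 14.4.3"],
    "CVE-2023-29518": ["< 13.10.11", ">= 14.0.0, < 14.4.8", ">= 14.5.0, < 14.10.1"],
    "CVE-2021-43841": ["< 12.10.6", ">= 13.0, < 13.3RC1"],
    "CVE-2023-35152": [">= 12.9-rc-1, < 14.4.8", ">= 14.5, < 14.10.6", ">= 15.0-rc-1, < 15.1"],
    "CVE-2024-21650": [">= 2.2, < 14.10.17", ">= 15.0-rc-1, < 15.5.3", ">= 15.6-rc-1, < 15.8-rc-1"],
}

# Accepts "15.10.8", "13.3RC1", "16.0.0-rc-1", "15.8 RC1", "12.9-milestone-2".
_VERSION_RE = re.compile(
    r"^(\d+(?:\.\d+)*)(?:[-. ]?(rc|milestone)[-. ]?(\d+))?$", re.IGNORECASE)


def parse_version(text):
    """Turn an XWiki version string into a tuple that sorts correctly.

    Numeric components are padded to three places so 13.0 == 13.0.0. The last
    two elements rank the release stage: final (2, 0) sorts after rc (1, n),
    which sorts after milestone (0, n).
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised XWiki version: {text!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (3 - len(nums))
    kind, number = m.group(2), m.group(3)
    if kind is None:
        stage = (2, 0)
    elif kind.lower() == "rc":
        stage = (1, int(number))
    else:
        stage = (0, int(number))
    return tuple(nums) + stage


_OPS = {
    ">=": lambda a, b: a >= b,
    ">": lambda a, b: a > b,
    "<=": lambda a, b: a <= b,
    "<": lambda a, b: a < b,
}


def in_range(version, expression):
    """True when `version` satisfies every comparator in a CNA-style
    expression such as '>= 14.0.0, < 14.4.8'."""
    v = parse_version(version)
    for clause in expression.split(","):
        op, bound = clause.strip().split(None, 1)
        if op not in _OPS:
            raise ValueError(f"unknown comparator in {clause!r}")
        if not _OPS[op](v, parse_version(bound)):
            return False
    return True


def affected_by(version, table=AFFECTED):
    """Return the sorted CVE ids whose affected ranges contain `version`."""
    return sorted(cve for cve, ranges in table.items()
                  if any(in_range(version, r) for r in ranges))


if __name__ == "__main__":
    for v in ("15.10.8", "16.3.0RC1", "14.4.7", "16.3.0"):
        print(f"{v:10s} -> {affected_by(v) or 'not in any range listed here'}")
```

A version that falls in no listed range is not thereby clean: the table only holds the records reproduced on this page, so extend AFFECTED with the ranges of any other record before relying on the result.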
cve-2022-41933
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2024-08-03 12:56
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the `reset a forgotten password` feature of XWiki was used, the password was then stored in plain text in the database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only concerns the reset password feature available from the "Forgot your password" link in the login view: the features allowing a user to change their password, or an admin to change a user's password, are not impacted. This vulnerability is particularly dangerous in combination with other vulnerabilities allowing a leak of personal data from users, such as GHSA-599v-w48h-rjrm. Note that this vulnerability only concerns the users of the main wiki: in the case of farms, the users registered on subwikis are not impacted thanks to a bug we discovered when investigating this. The problem has been patched in versions 14.6RC1, 14.4.3 and 13.10.8. The patch involves a migration of the impacted users as well as the history of the page, to ensure no password remains in plain text in the database. This migration also involves informing the users about the possible disclosure of their passwords: by default, two emails are automatically sent to the impacted users. A first email informs them that their password may have been leaked, and a second email uses the reset password feature to ask them to set a new password. It's also possible for administrators to set some properties for the migration: they can decide whether the user passwords should be reset (default) or kept but hashed. Note that with the first option, impacted users won't be able to log in until they set a new password. Note that with both options, mails are sent to users to inform them and encourage them to change their passwords.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-q2hm-2h45-v5g3 |
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-599v-w48h-rjrm |
https://github.com/xwiki/xwiki-platform/commit/443e8398b75a1295067d74afb5898370782d863a#diff-f8a8f8ba80dfc55f044e2e60b521ce379176430ca6921b0f87b79cf682531f79L322 |
https://jira.xwiki.org/browse/XWIKI-19869 |
https://jira.xwiki.org/browse/XWIKI-19945 |
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 13.1RC1, < 13.10.8
xwiki | xwiki-platform | >= 14.0.0, < 14.4.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.576Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-q2hm-2h45-v5g3" }, { "tags": [ "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-599v-w48h-rjrm" }, { "tags": [ "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/443e8398b75a1295067d74afb5898370782d863a#diff-f8a8f8ba80dfc55f044e2e60b521ce379176430ca6921b0f87b79cf682531f79L322" }, { "tags": [ "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19869" }, { "tags": [ "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19945" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 13.1RC1, \u003c 13.10.8" }, { "status": "affected", "version": "\u003e= 14.0.0, \u003c 14.4.3" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the `reset a forgotten password` feature of XWiki was used, the password was then stored in plain text in database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only concerns the reset password feature available from the \"Forgot your password\" link in the login view: the features allowing a user to change their password, or for an admin to change a user password are not impacted. This vulnerability is particularly dangerous in combination with other vulnerabilities allowing to perform data leak of personal data from users, such as GHSA-599v-w48h-rjrm. 
Note that this vulnerability only concerns the users of the main wiki: in case of farms, the users registered on subwiki are not impacted thanks to a bug we discovered when investigating this. The problem has been patched in version 14.6RC1, 14.4.3 and 13.10.8. The patch involves a migration of the impacted users as well as the history of the page, to ensure no password remains in plain text in the database. This migration also involves to inform the users about the possible disclosure of their passwords: by default, two emails are automatically sent to the impacted users. A first email to inform about the possibility that their password have been leaked, and a second email using the reset password feature to ask them to set a new password. It\u0027s also possible for administrators to set some properties for the migration: it\u0027s possible to decide if the user password should be reset (default) or if the passwords should be kept but only hashed. Note that in the first option, the users won\u0027t be able to login anymore until they set a new password if they were impacted. Note that in both options, mails will be sent to users to inform them and encourage them to change their passwords." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-312", "description": "CWE-312: Cleartext Storage of Sensitive Information", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-23T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-q2hm-2h45-v5g3" }, { "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-599v-w48h-rjrm" }, { "url": "https://github.com/xwiki/xwiki-platform/commit/443e8398b75a1295067d74afb5898370782d863a#diff-f8a8f8ba80dfc55f044e2e60b521ce379176430ca6921b0f87b79cf682531f79L322" }, { "url": "https://jira.xwiki.org/browse/XWIKI-19869" }, { "url": "https://jira.xwiki.org/browse/XWIKI-19945" } ], "source": { "advisory": "GHSA-q2hm-2h45-v5g3", "discovery": "UNKNOWN" }, "title": "Plaintext storage of password in org.xwiki.platform:xwiki-platform-security-authentication-default" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-41933", "datePublished": "2022-11-23T00:00:00", "dateReserved": "2022-09-30T00:00:00", "dateUpdated": "2024-08-03T12:56:38.576Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
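The record above says the fix ships a migration that either resets or hashes the affected passwords, and that it also rewrites page history so no cleartext value survives. An administrator who has applied it will want an independent check that the user store no longer holds cleartext, and a way to tell cleartext apart from a legitimately hashed value. The following Python is an added example, not XWiki code and not part of the advisory. It assumes the convention of XWiki's PasswordClass that a hashed password is stored as `hash:<algorithm>:<salt>:<digest>`; that format is an assumption to verify against your own database before trusting the result, and the export it scans is constructed for the demonstration rather than pulled from a live instance.

```python
"""Audit exported XWiki.XWikiUsers password property values for cleartext storage.

Added example; not XWiki code and not part of the advisory. ASSUMPTION: a
hashed password is stored as 'hash:<algorithm>:<salt>:<digest>' (the
PasswordClass convention); anything else that is non-empty is treated as
cleartext. The export below is constructed; the digests are not real.
"""
import re

HASHED_RE = re.compile(
    r"^hash:(?P<algo>[A-Za-z0-9-]+):(?P<salt>[^:]*):(?P<digest>[0-9A-Fa-f]+)$")

# Constructed sample export: (user document, stored value of the password property).
SAMPLE_EXPORT = [
    ("XWiki.alice", "hash:SHA-512:4f2c9a:" + "ab" * 64),
    ("XWiki.bob", "hunter2"),                     # the state the bug left behind
    ("XWiki.carol", "hash:SHA-512:9d1e:" + "cd" * 64),
    ("XWiki.dave", "hash:MD5::" + "ef" * 16),     # hashed, but weak and unsalted
    ("XWiki.erin", ""),                           # no local password (e.g. external auth)
]

WEAK_ALGORITHMS = {"MD5", "SHA1", "SHA-1"}


def classify(value):
    """Return 'cleartext', 'hashed', 'weak-hash' or 'empty' for one stored value."""
    if value == "":
        return "empty"
    m = HASHED_RE.match(value)
    if not m:
        return "cleartext"
    if m.group("algo").upper() in WEAK_ALGORITHMS or m.group("salt") == "":
        return "weak-hash"
    return "hashed"


def audit(export):
    """Bucket users by classification; the 'cleartext' bucket is the exposure
    described by CVE-2022-41933 and must be empty after the migration."""
    report = {"cleartext": [], "weak-hash": [], "hashed": [], "empty": []}
    for user, value in export:
        report[classify(value)].append(user)
    return report


if __name__ == "__main__":
    for bucket, users in audit(SAMPLE_EXPORT).items():
        print(f"{bucket:10s} {len(users):3d}  {', '.join(users)}")
```

Run it over an export of the current property values and, separately, over the values held in each user page's history: the advisory notes that history is migrated as well, so a cleartext hit in an old revision means the migration did not complete.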
cve-2023-29518
Vulnerability from cvelistv5
Published
2023-04-18 23:29
Modified
2024-08-02 14:07
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of `Invitation.InvitationCommon`. This page is installed by default. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no known workarounds for this issue.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-px54-3w5j-qjg9 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/3d055a0a5ec42fdebce4d71ee98f94553fdbfebf | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20283 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | < 13.10.11
xwiki | xwiki-platform | >= 14.0.0, < 14.4.8
xwiki | xwiki-platform | >= 14.5.0, < 14.10.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:07:46.320Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-px54-3w5j-qjg9", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-px54-3w5j-qjg9" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/3d055a0a5ec42fdebce4d71ee98f94553fdbfebf", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/3d055a0a5ec42fdebce4d71ee98f94553fdbfebf" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20283", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20283" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 13.10.11" }, { "status": "affected", "version": "\u003e= 14.0.0, \u003c 14.4.8" }, { "status": "affected", "version": "\u003e= 14.5.0, \u003c 14.10.1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of `Invitation.InvitationCommon`. This page is installed by default. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no known workarounds for this issue." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T23:29:32.868Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-px54-3w5j-qjg9", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-px54-3w5j-qjg9" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/3d055a0a5ec42fdebce4d71ee98f94553fdbfebf", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/3d055a0a5ec42fdebce4d71ee98f94553fdbfebf" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20283", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20283" } ], "source": { "advisory": "GHSA-px54-3w5j-qjg9", "discovery": "UNKNOWN" }, "title": "Code injection from view right using Invitation.InvitationCommon in xwiki-platform" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29518", "datePublished": "2023-04-18T23:29:32.868Z", "dateReserved": "2023-04-07T18:56:54.628Z", "dateUpdated": "2024-08-02T14:07:46.320Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-43841
Vulnerability from cvelistv5
Published
2022-02-04 22:30
Modified
2024-08-04 04:10
Summary
XWiki is a generic wiki platform offering runtime services for applications built on top of it. When using the default XWiki configuration, it's possible for an attacker to upload an SVG containing a script that is executed when the download action is invoked on the file. This problem has been patched so that the default configuration doesn't allow SVG files to be displayed in the browser. Users are advised to update or to disallow uploads of SVG files.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9jq9-c2cv-pcrj | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/5853d492b3a274db0d94d560e2a5ea988a271c62 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-18368 | x_refsource_MISC
https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Attachments#HAttachmentdisplayordownload | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | < 12.10.6
xwiki | xwiki-platform | >= 13.0, < 13.3RC1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-04T04:10:16.304Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9jq9-c2cv-pcrj" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/5853d492b3a274db0d94d560e2a5ea988a271c62" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-18368" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Attachments#HAttachmentdisplayordownload" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 12.10.6" }, { "status": "affected", "version": "\u003e= 13.0, \u003c 13.3RC1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki is a generic wiki platform offering runtime services for applications built on top of it. When using default XWiki configuration, it\u0027s possible for an attacker to upload an SVG containing a script executed when executing the download action on the file. This problem has been patched so that the default configuration doesn\u0027t allow to display the SVG files in the browser. Users are advised to update or to disallow uploads of SVG files." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-04T22:30:14", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9jq9-c2cv-pcrj" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/5853d492b3a274db0d94d560e2a5ea988a271c62" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-18368" }, { "tags": [ "x_refsource_MISC" ], "url": "https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Attachments#HAttachmentdisplayordownload" } ], "source": { "advisory": "GHSA-9jq9-c2cv-pcrj", "discovery": "UNKNOWN" }, "title": "XSS by SVG upload in xwiki-platform", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-43841", "STATE": "PUBLIC", "TITLE": "XSS by SVG upload in xwiki-platform" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003c 12.10.6" }, { "version_value": "\u003e= 13.0, \u003c 13.3RC1" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki is a generic wiki 
platform offering runtime services for applications built on top of it. When using default XWiki configuration, it\u0027s possible for an attacker to upload an SVG containing a script executed when executing the download action on the file. This problem has been patched so that the default configuration doesn\u0027t allow to display the SVG files in the browser. Users are advised to update or to disallow uploads of SVG files." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9jq9-c2cv-pcrj", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9jq9-c2cv-pcrj" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/5853d492b3a274db0d94d560e2a5ea988a271c62", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/5853d492b3a274db0d94d560e2a5ea988a271c62" }, { "name": "https://jira.xwiki.org/browse/XWIKI-18368", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-18368" }, { "name": "https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Attachments#HAttachmentdisplayordownload", "refsource": "MISC", "url": "https://www.xwiki.org/xwiki/bin/view/Documentation/AdminGuide/Attachments#HAttachmentdisplayordownload" } ] }, "source": { "advisory": "GHSA-9jq9-c2cv-pcrj", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": 
"a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-43841", "datePublished": "2022-02-04T22:30:14", "dateReserved": "2021-11-16T00:00:00", "dateUpdated": "2024-08-04T04:10:16.304Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
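The record above offers two mitigations: stop serving SVG attachments inline, or stop accepting SVG uploads. An intermediate control that many deployments want is to keep accepting SVG artwork but reject files that carry active content. The following Python is an added example, not XWiki code and not the project's fix: it parses an uploaded SVG with the standard library and reports script elements, event-handler attributes, `javascript:` hrefs, `foreignObject`, SMIL animations that rewrite `href`, and external references on `use`/`image`. The set of constructs it flags is the author's own heuristic list, not a complete description of the SVG attack surface, and both sample files are constructed for the demonstration.

```python
"""Reject SVG uploads that carry active content.

Added example; not XWiki code and not the project's patch. The flagged
constructs are a heuristic list chosen by the example's author, and the two
sample documents are constructed. Standard library only.
"""
import xml.etree.ElementTree as ET

ACTIVE_ELEMENTS = {"script", "foreignobject"}
ANIMATION_ELEMENTS = {"set", "animate"}
REFERENCE_ELEMENTS = {"use", "image"}


def _local(name):
    """Strip the namespace from an ElementTree tag or attribute name."""
    return name.rsplit("}", 1)[-1].lower()


def find_active_content(svg_bytes):
    """Return a list of findings; an empty list means nothing active was seen."""
    findings = []
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    if _local(root.tag) != "svg":
        findings.append(f"root element is <{_local(root.tag)}>, not <svg>")
    for elem in root.iter():
        name = _local(elem.tag)
        if name in ACTIVE_ELEMENTS:
            findings.append(f"<{name}> element")
        if name in ANIMATION_ELEMENTS and \
                _local(elem.get("attributeName", "")) in {"href", "xlink:href"}:
            findings.append(f"<{name}> animating href")
        for attr, value in elem.attrib.items():
            a, v = _local(attr), value.strip().lower()
            if a.startswith("on"):
                findings.append(f"event handler {a} on <{name}>")
            elif a == "href" and v.startswith("javascript:"):
                findings.append(f"javascript: URL in href on <{name}>")
            elif a == "href" and name in REFERENCE_ELEMENTS and "://" in v:
                findings.append(f"external href on <{name}>: {value}")
    return findings


def accept_upload(filename, content_type, data):
    """Upload-time policy: (accepted, findings). Non-SVG files pass untouched."""
    looks_like_svg = (filename.lower().endswith(".svg")
                      or content_type == "image/svg+xml"
                      or data.lstrip().startswith(b"<svg"))
    if not looks_like_svg:
        return True, []
    findings = find_active_content(data)
    return len(findings) == 0, findings


# Constructed samples for the demonstration.
BENIGN_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 10 10">
  <circle cx="5" cy="5" r="4" fill="steelblue"/>
</svg>"""

ACTIVE_SVG = b"""<svg xmlns="http://www.w3.org/2000/svg"
     xmlns:xlink="http://www.w3.org/1999/xlink">
  <script>alert(document.domain)</script>
  <a xlink:href="javascript:alert(1)"><text y="10">click</text></a>
  <rect width="10" height="10" onclick="alert(2)"/>
</svg>"""

if __name__ == "__main__":
    for label, doc in (("benign", BENIGN_SVG), ("active", ACTIVE_SVG)):
        ok, why = accept_upload("logo.svg", "image/svg+xml", doc)
        print(label, "accepted" if ok else "rejected", why)
```

This is a filter, not a substitute for the patched default: an SVG that passes it is still rendered with the wiki's origin if served inline, so keep the download action serving it as an attachment rather than displaying it, as the referenced attachment documentation describes.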
cve-2023-35152
Vulnerability from cvelistv5
Published
2023-06-23 16:41
Modified
2024-11-27 20:45
Summary
XWiki Platform is a generic wiki platform. Starting in version 12.9-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any logged-in user can add dangerous content in their first name field and see it executed with programming rights, leading to rights escalation. The vulnerability has been fixed on XWiki 14.4.8, 14.10.6, and 15.1. As a workaround, one may apply the patch manually.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rf8j-q39g-7xfm | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/0993a7ab3c102f9ac37ffe361a83a3dc302c0e45#diff-0b51114cb27f7a5c599cf40c59d658eae6ddc5c0836532c3b35e163f40a4854fR39 | x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/6ce2d04a5779e07f6d3ed3f37d4761049b4fc3ac#diff-ef7f8b911bb8e584fda22aac5876a329add35ca0d1d32e0fdb62a439b78cfa49 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-19900 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20611 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 12.9-rc-1, < 14.4.8
xwiki | xwiki-platform | >= 14.5, < 14.10.6
xwiki | xwiki-platform | >= 15.0-rc-1, < 15.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:23:59.595Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rf8j-q39g-7xfm", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rf8j-q39g-7xfm" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/0993a7ab3c102f9ac37ffe361a83a3dc302c0e45#diff-0b51114cb27f7a5c599cf40c59d658eae6ddc5c0836532c3b35e163f40a4854fR39", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/0993a7ab3c102f9ac37ffe361a83a3dc302c0e45#diff-0b51114cb27f7a5c599cf40c59d658eae6ddc5c0836532c3b35e163f40a4854fR39" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/6ce2d04a5779e07f6d3ed3f37d4761049b4fc3ac#diff-ef7f8b911bb8e584fda22aac5876a329add35ca0d1d32e0fdb62a439b78cfa49", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/6ce2d04a5779e07f6d3ed3f37d4761049b4fc3ac#diff-ef7f8b911bb8e584fda22aac5876a329add35ca0d1d32e0fdb62a439b78cfa49" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19900", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19900" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20611", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20611" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35152", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-27T20:45:36.564712Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-27T20:45:47.820Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP 
Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 12.9-rc-1, \u003c 14.4.8" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.10.6" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 12.9-rc-1 and prior to versions 14.4.8, 14.10.6, and 15.1, any logged in user can add dangerous content in their first name field and see it executed with programming rights. Leading to rights escalation. The vulnerability has been fixed on XWiki 14.4.8, 14.10.6, and 15.1. As a workaround, one may apply the patch manually." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-23T16:41:51.268Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rf8j-q39g-7xfm", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rf8j-q39g-7xfm" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/0993a7ab3c102f9ac37ffe361a83a3dc302c0e45#diff-0b51114cb27f7a5c599cf40c59d658eae6ddc5c0836532c3b35e163f40a4854fR39", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/xwiki/xwiki-platform/commit/0993a7ab3c102f9ac37ffe361a83a3dc302c0e45#diff-0b51114cb27f7a5c599cf40c59d658eae6ddc5c0836532c3b35e163f40a4854fR39" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/6ce2d04a5779e07f6d3ed3f37d4761049b4fc3ac#diff-ef7f8b911bb8e584fda22aac5876a329add35ca0d1d32e0fdb62a439b78cfa49", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/6ce2d04a5779e07f6d3ed3f37d4761049b4fc3ac#diff-ef7f8b911bb8e584fda22aac5876a329add35ca0d1d32e0fdb62a439b78cfa49" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19900", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19900" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20611", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20611" } ], "source": { "advisory": "GHSA-rf8j-q39g-7xfm", "discovery": "UNKNOWN" }, "title": "XWiki Platform vulnerable to privilege escalation (PR) from account through like LiveTableResults" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-35152", "datePublished": "2023-06-23T16:41:51.268Z", "dateReserved": "2023-06-14T14:17:52.177Z", "dateUpdated": "2024-11-27T20:45:47.820Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
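This record and the registration-field RCE record that follows it share a shape: a free-text profile field (first name or last name) is later rendered in a context that evaluates XWiki syntax with programming rights. The real fix is the escaping applied in the patches referenced above; a second line of defence, and a useful detection while unpatched versions remain, is to flag values in those fields that contain script or macro syntax. The following Python is an added example, not XWiki code and not a reconstruction of either exploit. Its patterns cover XWiki 2.x macro syntax (`{{macro}} ... {{/macro}}`), Velocity directives and references (`#set`, `$ref`, `${...}`) and raw HTML tags; which of these a particular unpatched version would have evaluated is not something the script decides, and the registration events it scans are constructed rather than real log data.

```python
"""Flag registration or profile-field values that contain XWiki script syntax.

Added example; not XWiki code and not an exploit reconstruction. The patterns
are heuristics chosen by the example's author: they will flag benign values
such as 'Ke$ha' or a literal '{{' and should be treated as review triggers,
not proof of attack. Sample events are constructed.
"""
import re

PATTERNS = {
    # {{groovy}}, {{velocity}}, {{/groovy}} ... : XWiki 2.x macro syntax
    "wiki-macro": re.compile(r"\{\{\s*/?[A-Za-z][\w-]*"),
    # #set, #if, #foreach ... not preceded by a word character or backslash
    "velocity-directive": re.compile(
        r"(?<![\w\\])#(?:set|if|foreach|macro|include|parse|evaluate)\b",
        re.IGNORECASE),
    # $ref, $!ref, ${ref} ... not escaped with a backslash
    "velocity-reference": re.compile(r"(?<!\\)\$!?\{?[A-Za-z_]\w*"),
    # raw markup that a rendered profile field should never need
    "html-script": re.compile(r"<\s*(?:script|img|svg|iframe)\b", re.IGNORECASE),
}

NAME_FIELDS = ("first_name", "last_name")


def scan_value(value):
    """Return the names of the patterns that match one field value."""
    return [name for name, rx in PATTERNS.items() if rx.search(value)]


def is_acceptable_name(value):
    """Input-validation view: True when no pattern matches."""
    return not scan_value(value)


def scan_submission(event):
    """Detection view: {field: [pattern names]} for the name fields of one event."""
    hits = {}
    for field in NAME_FIELDS:
        found = scan_value(event.get(field, ""))
        if found:
            hits[field] = found
    return hits


def suspicious(events):
    """Return (user, hits) for every event with at least one flagged field."""
    out = []
    for event in events:
        hits = scan_submission(event)
        if hits:
            out.append((event["user"], hits))
    return out


# Constructed registration events (not real log data).
SAMPLE_EVENTS = [
    {"user": "jdoe", "first_name": "Jane", "last_name": "Doe"},
    {"user": "oconnor", "first_name": "Seán", "last_name": "O'Connor"},
    {"user": "x1", "first_name": "{{groovy}}println 'x'{{/groovy}}", "last_name": "Smith"},
    {"user": "x2", "first_name": "Bob", "last_name": "#set($a = $services.query)"},
    {"user": "x3", "first_name": "<img src=x onerror=alert(1)>", "last_name": "Lee"},
]

if __name__ == "__main__":
    for user, hits in suspicious(SAMPLE_EVENTS):
        print(user, hits)
```

On the detection side, run scan_submission over registration and profile-update events and alert on any hit; on the prevention side, is_acceptable_name can gate the registration form, which narrows the guest-reachable vector described in the following record but does not replace upgrading, since the same fields can be edited after registration.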
cve-2024-21650
Vulnerability from cvelistv5
Published
2024-01-08 15:18
Modified
2024-08-01 22:27
Severity: CRITICAL (CVSS 3.1 base score 10; vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H)
CWE: CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Title: XWiki Remote Code Execution vulnerability via user registration
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user registration enabled for guests. This vulnerability has been patched in XWiki 14.10.17, 15.5.3 and 15.8 RC1.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rj7p-xjv7-7229 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/b290bfd573c6f7db6cc15a88dd4111d9fcad0d31 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21173 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 2.2, < 14.10.17; >= 15.0-rc-1, < 15.5.3; >= 15.6-rc-1, < 15.8-rc-1
cve-2024-31981
Vulnerability from cvelistv5
Published
2024-04-10 19:22
Modified
2024-08-13 13:37
Severity: CRITICAL (CVSS 3.1 base score 10; vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CWE: CWE-862 Missing Authorization
Title: XWiki Platform: Privilege escalation (PR) from user registration through PDFClass
Summary
XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, remote code execution is possible via PDF export templates. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10-rc-1. If PDF templates are not typically used on the instance, an administrator can create the document `XWiki.PDFClass` and block it from being edited, after making sure that it does not contain a `style` attribute. Otherwise, there are no known workarounds aside from upgrading.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vxwr-wpjv-qjq7 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/480186f9d2fca880513da8bc5a609674d106cbd3 | x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/a4ad14d9c1605a5ab957237e505ebbb29f5b9d73 | x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/d28e21a670c69880b951e415dd2ddd69d273eae9 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21337 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 3.0.1, < 14.10.20; >= 15.0-rc-1, < 15.5.4; >= 15.6-rc-1, < 15.10-rc-1
cve-2024-31988
Vulnerability from cvelistv5
Published
2024-04-10 20:40
Modified
2024-08-13 13:37
Severity: CRITICAL (CVSS 3.1 base score 9.7; vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
CWE: CWE-352 Cross-Site Request Forgery (CSRF)
Title: XWiki Platform CSRF remote code execution through the realtime HTML Converter API
Summary
XWiki Platform is a generic wiki platform. Starting in version 13.9-rc-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, when the realtime editor is installed in XWiki, it allows arbitrary remote code execution with the interaction of an admin user with programming right. More precisely, by getting an admin user to either visit a crafted URL or to view an image with this URL that could be in a comment, the attacker can get the admin to execute arbitrary XWiki syntax including scripting macros with Groovy or Python code. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.19, 15.5.4 and 15.9. As a workaround, one may update `RTFrontend.ConvertHTML` manually with the patch. This will, however, break some synchronization processes in the realtime editor, so upgrading should be the preferred way on installations where this editor is used.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r5vh-gc3r-r24w | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/4896712ee6483da623f131be2e618f1f2b79cb8d | x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/9f8cc88497418750b09ce9fde5d67d840f038fbf | x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/d88da4572fb7d4f95e1f54bb0cce33fce3df08d9 | x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/d9f5043da289ff106f08e23576746fd8baf98794 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21424 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 13.9-rc-1, < 14.10.19; >= 15.0-rc-1, < 15.5.4; >= 15.6-rc-1, < 15.9
cve-2022-23618
Vulnerability from cvelistv5
Published
2022-02-09 21:05
Modified
2024-08-03 03:51
Severity: MEDIUM (CVSS 3.1 base score 4.7; vector CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N)
CWE: CWE-601 URL Redirection to Untrusted Site ('Open Redirect')
Title: Open Redirect in xwiki-platform
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is no protection against URL redirection to untrusted sites; in particular, well-known parameters such as `xredirect` can be used to perform URL redirections. This problem has been patched in XWiki 12.10.7 and XWiki 13.3RC1. Users are advised to update. There are no known workarounds for this issue.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jp55-vvmf-63mv | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/5251c02080466bf9fb55288f04a37671108f8096 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-10309 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 13.0.0, < 13.3RC1; < 12.10.7
cve-2023-29208
Vulnerability from cvelistv5
Published
2023-04-15 15:52
Modified
2024-08-02 14:00
Severity: HIGH (CVSS 3.1 base score 7.5; vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
CWE: CWE-668 Exposure of Resource to Wrong Sphere
Title: Data leak through deleted documents
Summary
XWiki Commons are technical libraries common to several other top level XWiki projects. Rights added to a document are not taken into account for viewing it once it's deleted. Note that this vulnerability only impacts deleted documents that themselves contained view rights: the view rights set on the space of a deleted document are properly checked. The problem has been patched in XWiki 14.10 by checking the rights of the current user: only an admin and the deleter of the document are allowed to view it.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4f8g-fq6x-jqrr | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/d9e947559077e947315bf700c5703dfc7dd8a8d7 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-16285 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 1.2-milestone-1, < 13.10.11; >= 14.0-rc-1, < 14.4.7; >= 14.5, < 14.10
cve-2024-38369
Vulnerability from cvelistv5
Published
2024-06-24 16:39
Modified
2024-08-02 04:04
Severity: CRITICAL (CVSS 3.1 base score 10; vector CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
CWE: CWE-863 Incorrect Authorization
Title: XWiki programming rights may be inherited by inclusion
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The content of a document included using `{{include reference="targetdocument"/}}` is executed with the rights of the includer rather than the rights of its own author. This means that any user able to modify the target document can impersonate the author of the content that used the `include` macro. This vulnerability has been patched in XWiki 15.0 RC1 by making the default behavior safe.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qcj3-wpgm-qpxh | x_refsource_CONFIRM
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 1.5-milestone-2, < 15.0-rc-1
cve-2023-29511
Vulnerability from cvelistv5
Published
2023-04-16 07:07
Modified
2024-08-02 14:07
Severity ?
EPSS score ?
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a page (e.g., their own user page) can execute arbitrary Groovy, Python or Velocity code in XWiki, leading to full access to the XWiki installation. The root cause is improper escaping of the section ids in `XWiki.AdminFieldsDisplaySheet`. This page is installed by default. The vulnerability has been patched in XWiki versions 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rfh6-mg6h-h668 | x_refsource_CONFIRM | |
https://github.com/xwiki/xwiki-platform/commit/f1e310826a19acdcdecdecdcfe171d21f24d6ede | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-20261 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform |
Version: >= 14.0-rc-1, < 14.4.8 Version: >= 14.5, < 14.10.1 Version: >= 1.5M2, < 13.10.11 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:07:46.190Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rfh6-mg6h-h668", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rfh6-mg6h-h668" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/f1e310826a19acdcdecdecdcfe171d21f24d6ede", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/f1e310826a19acdcdecdecdcfe171d21f24d6ede" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20261", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20261" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 14.0-rc-1, \u003c 14.4.8" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.10.1" }, { "status": "affected", "version": "\u003e= 1.5M2, \u003c 13.10.11" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a page (e.g., it\u0027s own user page), can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the section ids in `XWiki.AdminFieldsDisplaySheet`. This page is installed by default. The vulnerability has been patched in XWiki versions 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-16T07:07:53.556Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rfh6-mg6h-h668", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rfh6-mg6h-h668" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/f1e310826a19acdcdecdecdcfe171d21f24d6ede", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/f1e310826a19acdcdecdecdcfe171d21f24d6ede" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20261", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20261" } ], "source": { "advisory": "GHSA-rfh6-mg6h-h668", "discovery": "UNKNOWN" }, "title": "xwiki-platform-administration-ui vulnerable to privilege escalation" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29511", "datePublished": "2023-04-16T07:07:53.556Z", "dateReserved": "2023-04-07T18:56:54.626Z", "dateUpdated": "2024-08-02T14:07:46.190Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29213
Vulnerability from cvelistv5
Published
2023-04-17 21:21
Modified
2024-08-02 14:00
Severity ?
EPSS score ?
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of `org.xwiki.platform:xwiki-platform-logging-ui`, a user with programming rights can be tricked into visiting a crafted URL, for example by embedding an image with that URL in a document the user views; the expression carried in the URL is then evaluated and executed with that user's rights. This issue has been addressed in versions 13.10.11, 14.4.7, and 14.10. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4655-wh7v-3vmg | x_refsource_CONFIRM | |
https://github.com/xwiki/xwiki-platform/commit/49fdfd633ddfa346c522d2fe71754dc72c9496ca | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-20291 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform |
Version: >= 4.2-milestone-3, < 13.10.11 Version: >= 14.0-rc-1, < 14.4.7 Version: >= 14.5, < 14.10 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:15.906Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4655-wh7v-3vmg", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4655-wh7v-3vmg" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/49fdfd633ddfa346c522d2fe71754dc72c9496ca", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/49fdfd633ddfa346c522d2fe71754dc72c9496ca" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20291", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20291" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 4.2-milestone-3, \u003c 13.10.11" }, { "status": "affected", "version": "\u003e= 14.0-rc-1, \u003c 14.4.7" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.10" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of `org.xwiki.platform:xwiki-platform-logging-ui` it is possible to trick a user with programming rights into visiting a constructed url where e.g., by embedding an image with this URL in a document that is viewed by a user with programming rights which will evaluate an expression in the constructed url and execute it. This issue has been addressed in versions 13.10.11, 14.4.7, and 14.10. Users are advised to upgrade. 
There are no known workarounds for this vulnerability.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-17T21:21:40.977Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4655-wh7v-3vmg", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4655-wh7v-3vmg" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/49fdfd633ddfa346c522d2fe71754dc72c9496ca", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/49fdfd633ddfa346c522d2fe71754dc72c9496ca" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20291", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20291" } ], "source": { "advisory": "GHSA-4655-wh7v-3vmg", "discovery": "UNKNOWN" }, "title": "org.xwiki.platform:xwiki-platform-logging-ui Injection vulnerability" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29213", "datePublished": "2023-04-17T21:21:40.977Z", "dateReserved": "2023-04-03T13:37:18.455Z", "dateUpdated": "2024-08-02T14:00:15.906Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40572
Vulnerability from cvelistv5
Published
2023-08-24 01:15
Modified
2024-10-02 20:19
Severity ?
EPSS score ?
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, compromising the confidentiality, integrity and availability of the whole XWiki installation. When a user with script right views the proof-of-concept image from the linked advisory and the log message `ERROR foo - Script executed!` appears in the log, the XWiki installation is vulnerable. This has been patched in XWiki 14.10.9 and 15.4RC1 by requiring a CSRF token for the actual page creation.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4f8m-7h83-9f6m | x_refsource_CONFIRM | |
https://github.com/xwiki/xwiki-platform/commit/4b20528808d0c311290b0d9ab2cfc44063380ef7 | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-20849 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform |
Version: >= 3.2-milestone-3, < 14.10.9 Version: >= 15.0-rc-1, < 15.4-rc-1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:38:51.000Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4f8m-7h83-9f6m", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4f8m-7h83-9f6m" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/4b20528808d0c311290b0d9ab2cfc44063380ef7", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/4b20528808d0c311290b0d9ab2cfc44063380ef7" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20849", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20849" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40572", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-02T20:18:17.614497Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-02T20:19:27.637Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 3.2-milestone-3, \u003c 14.10.9" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.4-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality, integrity and availability of the whole XWiki installation. 
When a user with script right views this image and a log message `ERROR foo - Script executed!` appears in the log, the XWiki installation is vulnerable. This has been patched in XWiki 14.10.9 and 15.4RC1 by requiring a CSRF token for the actual page creation." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-24T01:15:33.272Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4f8m-7h83-9f6m", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4f8m-7h83-9f6m" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/4b20528808d0c311290b0d9ab2cfc44063380ef7", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/4b20528808d0c311290b0d9ab2cfc44063380ef7" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20849", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20849" } ], "source": { "advisory": "GHSA-4f8m-7h83-9f6m", "discovery": "UNKNOWN" }, "title": "XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-40572", "datePublished": "2023-08-24T01:15:33.272Z", "dateReserved": "2023-08-16T18:24:02.390Z", "dateUpdated": 
"2024-10-02T20:19:27.637Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
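The fix described above (a CSRF token required for the actual page creation, while merely rendering the form stays side-effect free) is the synchronizer-token pattern. The following is an added example, written for this page and not XWiki's own code: a constructed, hypothetical model of a create action in which a request is a dict and the page store is a dict. The pre-fix handler performs the creation for any request that carries page parameters, which is exactly what an `<img src="...">` forged GET exploits; the hardened handler requires a POST carrying the session-bound token and compares it in constant time. The `form_token` parameter name and the `Main.Injected` / `Main.Wanted` page names are assumptions.

```python
import hmac
import secrets

# Constructed, hypothetical model of a wiki "create" action; not XWiki's code.
# A request is {"method": ..., "params": {...}}; the page store is a dict.


class Session:
    """Per-user session holding the anti-CSRF token issued with the create form."""

    def __init__(self):
        self.csrf_token = secrets.token_urlsafe(32)


def create_action_vulnerable(session, request, store):
    """Pre-fix shape of the flaw: once the page parameters are present the
    creation happens, whatever the HTTP method and without any token, so a
    cross-site GET (e.g. an <img src="..."> on a page the victim views)
    creates the page with the victim's rights."""
    params = request["params"]
    if "page" not in params:
        return "form"  # first step: only render the create form
    store[params["page"]] = params.get("content", "")
    return "created"


def create_action_fixed(session, request, store):
    """Hardened form: the actual creation requires a POST carrying the token
    bound to the victim's session, compared in constant time. Rendering the
    form has no side effect, so it needs no token."""
    params = request["params"]
    if "page" not in params:
        return "form"
    if request["method"] != "POST":
        return "rejected"  # a state change never happens on GET
    token = params.get("form_token", "")  # parameter name is an assumption
    # compare_digest on bytes avoids a TypeError on non-ASCII attacker input
    if not token or not hmac.compare_digest(token.encode(), session.csrf_token.encode()):
        return "rejected"
    store[params["page"]] = params.get("content", "")
    return "created"


def demo():
    """Run a forged cross-site request and a legitimate one through both
    handlers and return the outcomes so they can be checked."""
    session = Session()
    # Constructed requests: the forged one is what a third-party page can
    # make the victim's browser send (no access to the session token).
    forged = {"method": "GET",
              "params": {"page": "Main.Injected",
                         "content": "(constructed script content)"}}
    legit = {"method": "POST",
             "params": {"page": "Main.Wanted", "content": "hello",
                        "form_token": session.csrf_token}}
    results = {}
    store = {}
    results["vulnerable/forged"] = create_action_vulnerable(session, forged, store)
    store = {}
    results["fixed/forged"] = create_action_fixed(session, forged, store)
    results["fixed/forged-created-anything"] = bool(store)
    results["fixed/legit"] = create_action_fixed(session, legit, store)
    results["fixed/form-only"] = create_action_fixed(
        session, {"method": "GET", "params": {}}, store)
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

The split between "render the form" and "perform the creation" matters: the advisory's fix requires the token only for the creation step, and the model keeps that distinction so the form stays reachable by plain link while the state change is not.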
cve-2023-29512
Vulnerability from cvelistv5
Published
2023-04-18 23:44
Modified
2024-08-02 14:07
Severity ?
EPSS score ?
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a page (e.g., their own user page) can execute arbitrary Groovy, Python or Velocity code in XWiki, leading to full access to the XWiki installation. The root cause is improper escaping of the information loaded from attachments in `imported.vm`, `importinline.vm`, and `packagelist.vm`. These templates are installed by default. This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hg5x-3w3x-7g96 | x_refsource_CONFIRM | |
https://github.com/xwiki/xwiki-platform/commit/e4bbdc23fea0be4ef1921d1a58648028ce753344 | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-20267 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform |
Version: < 13.10.11 Version: >= 14.0.0, < 14.4.8 Version: >= 14.5.0, < 14.10.1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:07:46.422Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hg5x-3w3x-7g96", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hg5x-3w3x-7g96" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/e4bbdc23fea0be4ef1921d1a58648028ce753344", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/e4bbdc23fea0be4ef1921d1a58648028ce753344" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20267", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20267" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 13.10.11" }, { "status": "affected", "version": "\u003e= 14.0.0, \u003c 14.4.8" }, { "status": "affected", "version": "\u003e= 14.5.0, \u003c 14.10.1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on a page (e.g., it\u0027s own user page), can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the information loaded from attachments in `imported.vm`, `importinline.vm`, and `packagelist.vm`. This page is installed by default. This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T23:44:25.981Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hg5x-3w3x-7g96", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hg5x-3w3x-7g96" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/e4bbdc23fea0be4ef1921d1a58648028ce753344", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/e4bbdc23fea0be4ef1921d1a58648028ce753344" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20267", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20267" } ], "source": { "advisory": "GHSA-hg5x-3w3x-7g96", "discovery": "UNKNOWN" }, "title": "Code injection in xwiki-platform-web-templates" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29512", "datePublished": "2023-04-18T23:44:25.981Z", "dateReserved": "2023-04-07T18:56:54.626Z", "dateUpdated": "2024-08-02T14:07:46.422Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-31984
Vulnerability from cvelistv5
Published
2024-04-10 19:53
Modified
2024-08-13 13:37
Severity ?
EPSS score ?
Summary
XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.10-rc-1, creating a document with a specially crafted title makes it possible to trigger remote code execution in the (Solr-based) search in XWiki. This allows any user who can edit the title of a space (all users by default) to execute arbitrary Groovy code in the XWiki installation, which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10 RC1. As a workaround, manually apply the patch to the `Main.SolrSpaceFacet` page.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xm4h-3jxr-m3c6 | x_refsource_CONFIRM | |
https://github.com/xwiki/xwiki-platform/commit/43c9d551e3c11e9d8f176b556dd33bbe31fc66e0 | x_refsource_MISC | |
https://github.com/xwiki/xwiki-platform/commit/5ef9d294d37be92ee22b2549e38663b29dce8767 | x_refsource_MISC | |
https://github.com/xwiki/xwiki-platform/commit/74e301c481e69eeea674dac7fed6af3614cf08c5 | x_refsource_MISC | |
https://github.com/xwiki/xwiki-platform/commit/94fc12db87c2431eb1335ecb9c2954b1905bde62 | x_refsource_MISC | |
https://github.com/xwiki/xwiki-platform/commit/acba74c149a041345b24dcca52c586f872ba97fb | x_refsource_MISC | |
https://github.com/xwiki/xwiki-platform/commit/ef55105d6eeec5635fd693f0070c5aaaf3bdd940 | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-21471 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform |
Version: >= 7.2-rc-1, < 14.10.20 Version: >= 15.0-rc-1, < 15.5.4 Version: >= 15.6-rc-1, < 15.10-rc-1 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki", "vendor": "xwiki", "versions": [ { "lessThan": "14.10.20", "status": "affected", "version": "7.2-rc-1", "versionType": "custom" }, { "lessThan": "15.5.4", "status": "affected", "version": "15.0-rc-1", "versionType": "custom" }, { "lessThan": "15.10-rc-1", "status": "affected", "version": "15.6-rc-1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-31984", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-03T19:49:18.978984Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-13T13:37:31.192Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:59:50.883Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xm4h-3jxr-m3c6", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xm4h-3jxr-m3c6" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/43c9d551e3c11e9d8f176b556dd33bbe31fc66e0", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/43c9d551e3c11e9d8f176b556dd33bbe31fc66e0" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/5ef9d294d37be92ee22b2549e38663b29dce8767", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/5ef9d294d37be92ee22b2549e38663b29dce8767" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/74e301c481e69eeea674dac7fed6af3614cf08c5", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": 
"https://github.com/xwiki/xwiki-platform/commit/74e301c481e69eeea674dac7fed6af3614cf08c5" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/94fc12db87c2431eb1335ecb9c2954b1905bde62", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/94fc12db87c2431eb1335ecb9c2954b1905bde62" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/acba74c149a041345b24dcca52c586f872ba97fb", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/acba74c149a041345b24dcca52c586f872ba97fb" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/ef55105d6eeec5635fd693f0070c5aaaf3bdd940", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/ef55105d6eeec5635fd693f0070c5aaaf3bdd940" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21471", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-21471" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 7.2-rc-1, \u003c 14.10.20" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.5.4" }, { "status": "affected", "version": "\u003e= 15.6-rc-1, \u003c 15.10-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the (Solr-based) search in XWiki. This allows any user who can edit the title of a space (all users by default) to execute any Groovy code in the XWiki installation which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10 RC1. 
As a workaround, manually apply the patch to the `Main.SolrSpaceFacet` page." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-10T20:11:03.857Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xm4h-3jxr-m3c6", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xm4h-3jxr-m3c6" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/43c9d551e3c11e9d8f176b556dd33bbe31fc66e0", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/43c9d551e3c11e9d8f176b556dd33bbe31fc66e0" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/5ef9d294d37be92ee22b2549e38663b29dce8767", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/5ef9d294d37be92ee22b2549e38663b29dce8767" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/74e301c481e69eeea674dac7fed6af3614cf08c5", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/74e301c481e69eeea674dac7fed6af3614cf08c5" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/94fc12db87c2431eb1335ecb9c2954b1905bde62", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/94fc12db87c2431eb1335ecb9c2954b1905bde62" }, { 
"name": "https://github.com/xwiki/xwiki-platform/commit/acba74c149a041345b24dcca52c586f872ba97fb", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/acba74c149a041345b24dcca52c586f872ba97fb" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/ef55105d6eeec5635fd693f0070c5aaaf3bdd940", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/ef55105d6eeec5635fd693f0070c5aaaf3bdd940" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21471", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-21471" } ], "source": { "advisory": "GHSA-xm4h-3jxr-m3c6", "discovery": "UNKNOWN" }, "title": "XWiki Platform: Remote code execution through space title and Solr space facet" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-31984", "datePublished": "2024-04-10T19:53:50.690Z", "dateReserved": "2024-04-08T13:48:37.490Z", "dateUpdated": "2024-08-13T13:37:31.192Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36100
Vulnerability from cvelistv5
Published
2022-09-08 21:10
Modified
2024-08-03 09:52
Severity ?
EPSS score ?
Summary
XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document `Main.Tags` in XWiki didn't sanitize user inputs properly. This allowed users with view rights on the document (default in a public wiki or for authenticated users on private wikis) to execute arbitrary Groovy, Python and Velocity code with programming rights. This also allowed bypassing all rights checks and thus both modification and disclosure of all content stored in the XWiki installation. The vulnerability could be used to impact the availability of the wiki. On XWiki versions before 13.10.4 and 14.2, this can be combined with CVE-2022-36092, meaning that no rights are required to perform the attack. The vulnerability has been patched in versions 13.10.6 and 14.4. As a workaround, the patch that fixes the issue can be manually applied to the document `Main.Tags` or the updated version of that document can be imported from version 14.4 of xwiki-platform-tag-ui using the import feature in the administration UI on XWiki 10.9 and later.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2g5c-228j-p52x | x_refsource_CONFIRM | |
https://github.com/xwiki/xwiki-platform/commit/604868033ebd191cf2d1e94db336f0c4d9096427 | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-19747 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform |
Version: >= 1.7, < 13.10.6 Version: >= 14.0, < 14.4 |
|
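The affected-version ranges in the "Impacted products" tables above (CVE-2024-38369, CVE-2023-29511, CVE-2023-29213, CVE-2023-40572, CVE-2023-29512, CVE-2024-31984 and CVE-2022-36100) mix plain releases with milestone and release-candidate qualifiers in several spellings (`1.5-milestone-2`, `1.5M2`, `15.0-rc-1`), so a naive string or float comparison gets the boundaries wrong. The following is an added example, not code from XWiki or from this page: a small checker that parses those version strings, evaluates the range specs exactly as written in the tables, and reports which of the CVEs above cover a given XWiki version. The ordering rule it encodes (milestone before rc before the final release of the same number, `M` as shorthand for `milestone`, and `14.10` equal to `14.10.0`) is an assumption drawn from how the versions on this page are written; the range table is copied from the page.

```python
import re

# Affected ranges copied from the "Impacted products" tables on this page.
AFFECTED = {
    "CVE-2024-38369": [">= 1.5-milestone-2, < 15.0-rc-1"],
    "CVE-2023-29511": [">= 14.0-rc-1, < 14.4.8", ">= 14.5, < 14.10.1", ">= 1.5M2, < 13.10.11"],
    "CVE-2023-29213": [">= 4.2-milestone-3, < 13.10.11", ">= 14.0-rc-1, < 14.4.7", ">= 14.5, < 14.10"],
    "CVE-2023-40572": [">= 3.2-milestone-3, < 14.10.9", ">= 15.0-rc-1, < 15.4-rc-1"],
    "CVE-2023-29512": ["< 13.10.11", ">= 14.0.0, < 14.4.8", ">= 14.5.0, < 14.10.1"],
    "CVE-2024-31984": [">= 7.2-rc-1, < 14.10.20", ">= 15.0-rc-1, < 15.5.4", ">= 15.6-rc-1, < 15.10-rc-1"],
    "CVE-2022-36100": [">= 1.7, < 13.10.6", ">= 14.0, < 14.4"],
}

# Assumed ordering: pre-release qualifiers sort before the final release of
# the same number (15.4-milestone-1 < 15.4-rc-1 < 15.4); "M" is "milestone".
_QUALIFIER_RANK = {"milestone": 0, "m": 0, "rc": 1}
_RELEASE_RANK = 2
_NUMERIC_PARTS = 4  # pad so that 14.10 and 14.10.0 compare equal

_VERSION_RE = re.compile(
    r"^(?P<nums>\d+(?:\.\d+)*)(?:-?(?P<qual>milestone|rc|m)-?(?P<qnum>\d+))?$",
    re.IGNORECASE,
)


def parse_version(text):
    """Turn an XWiki version string into a tuple that sorts correctly."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised XWiki version: {text!r}")
    nums = [int(p) for p in m.group("nums").split(".")]
    if len(nums) > _NUMERIC_PARTS:
        raise ValueError(f"too many numeric components in {text!r}")
    nums += [0] * (_NUMERIC_PARTS - len(nums))
    if m.group("qual"):
        return (*nums, _QUALIFIER_RANK[m.group("qual").lower()], int(m.group("qnum")))
    return (*nums, _RELEASE_RANK, 0)


_OPS = {
    ">=": lambda v, b: v >= b,
    ">": lambda v, b: v > b,
    "<=": lambda v, b: v <= b,
    "<": lambda v, b: v < b,
}
_CONSTRAINT_RE = re.compile(r"(>=|<=|>|<)\s*([^\s,]+)")


def in_range(version, spec):
    """True when `version` satisfies every constraint of a spec such as
    '>= 14.5, < 14.10.1'. Upper bounds are exclusive, so the first fixed
    version is never reported as affected."""
    v = parse_version(version)
    constraints = _CONSTRAINT_RE.findall(spec)
    if not constraints:
        raise ValueError(f"no constraints found in {spec!r}")
    return all(_OPS[op](v, parse_version(bound)) for op, bound in constraints)


def affecting(version):
    """Sorted CVE ids from this page whose affected ranges contain `version`."""
    return sorted(cve for cve, ranges in AFFECTED.items()
                  if any(in_range(version, r) for r in ranges))


if __name__ == "__main__":
    import sys
    for v in sys.argv[1:] or ["14.10.8", "15.9.1", "15.10"]:
        print(v, "->", ", ".join(affecting(v)) or "none of the CVEs listed here")
```

Run it with the version shown in your wiki's footer or in `xwiki.properties` (for example `python check.py 14.10.8`). A version exactly equal to a fixed release, such as `14.10.9` for CVE-2023-40572 or `15.10-rc-1` for CVE-2024-31984, correctly falls outside the range because every upper bound on this page is strict.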
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:52:00.507Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2g5c-228j-p52x" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/604868033ebd191cf2d1e94db336f0c4d9096427" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19747" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 1.7, \u003c 13.10.6" }, { "status": "affected", "version": "\u003e= 14.0, \u003c 14.4" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document `Main.Tags` in XWiki didn\u0027t sanitize user inputs properly. This allowed users with view rights on the document (default in a public wiki or for authenticated users on private wikis) to execute arbitrary Groovy, Python and Velocity code with programming rights. This also allowed bypassing all rights checks and thus both modification and disclosure of all content stored in the XWiki installation. The vulnerability could be used to impact the availability of the wiki. On XWiki versions before 13.10.4 and 14.2, this can be combined with CVE-2022-36092, meaning that no rights are required to perform the attack. The vulnerability has been patched in versions 13.10.6 and 14.4. 
As a workaround, the patch that fixes the issue can be manually applied to the document `Main.Tags` or the updated version of that document can be imported from version 14.4 of xwiki-platform-tag-ui using the import feature in the administration UI on XWiki 10.9 and later." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-08T21:10:09", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2g5c-228j-p52x" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/604868033ebd191cf2d1e94db336f0c4d9096427" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19747" } ], "source": { "advisory": "GHSA-2g5c-228j-p52x", "discovery": "UNKNOWN" }, "title": "XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-36100", "STATE": "PUBLIC", "TITLE": "XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection" }, "affects": { "vendor": { "vendor_data": 
[ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e= 1.7, \u003c 13.10.6" }, { "version_value": "\u003e= 14.0, \u003c 14.4" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document `Main.Tags` in XWiki didn\u0027t sanitize user inputs properly. This allowed users with view rights on the document (default in a public wiki or for authenticated users on private wikis) to execute arbitrary Groovy, Python and Velocity code with programming rights. This also allowed bypassing all rights checks and thus both modification and disclosure of all content stored in the XWiki installation. The vulnerability could be used to impact the availability of the wiki. On XWiki versions before 13.10.4 and 14.2, this can be combined with CVE-2022-36092, meaning that no rights are required to perform the attack. The vulnerability has been patched in versions 13.10.6 and 14.4. As a workaround, the patch that fixes the issue can be manually applied to the document `Main.Tags` or the updated version of that document can be imported from version 14.4 of xwiki-platform-tag-ui using the import feature in the administration UI on XWiki 10.9 and later." 
} ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)" } ] }, { "description": [ { "lang": "eng", "value": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2g5c-228j-p52x", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2g5c-228j-p52x" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/604868033ebd191cf2d1e94db336f0c4d9096427", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/604868033ebd191cf2d1e94db336f0c4d9096427" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19747", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-19747" } ] }, "source": { "advisory": "GHSA-2g5c-228j-p52x", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-36100", "datePublished": "2022-09-08T21:10:10", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2024-08-03T09:52:00.507Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27479
Vulnerability from cvelistv5
Published
2023-03-07 18:09
Modified
2024-08-02 12:09
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of UIX parameters. A proof of concept exploit is to log in, add an `XWiki.UIExtensionClass` xobject to the user profile page, with an Extension Parameters content containing `label={{/html}} {{async async="true" cached="false" context="doc.reference"}}{{groovy}}println("Hello " + "from groovy!"){{/groovy}}{{/async}}`. Then, navigating to `PanelsCode.ApplicationsPanelConfigurationSheet` (i.e., `<xwiki-host>/xwiki/bin/view/PanelsCode/ApplicationsPanelConfigurationSheet` where `<xwiki-host>` is the URL of your XWiki installation) should not execute the Groovy script. If it does, you will see `Hello from groovy!` displayed on the screen. This vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10-rc-1. Users are advised to upgrade. For users unable to upgrade the issue can be fixed by editing the `PanelsCode.ApplicationsPanelConfigurationSheet` wiki page and making the same modifications as shown in commit `6de5442f3c`.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qxjg-jhgw-qhrv | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/6de5442f3c91c3634a66c7b458d5b142e1c2a2dc | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20294 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 6.3-milestone-2, < 13.10.11; >= 14.0.0, < 14.4.7; >= 14.5.0, < 14.10-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:09:43.525Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qxjg-jhgw-qhrv", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qxjg-jhgw-qhrv" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/6de5442f3c91c3634a66c7b458d5b142e1c2a2dc", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/6de5442f3c91c3634a66c7b458d5b142e1c2a2dc" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20294", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20294" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 6.3-milestone-2, \u003c 13.10.11" }, { "status": "affected", "version": "\u003e= 14.0.0, \u003c 14.4.7" }, { "status": "affected", "version": "\u003e= 14.5.0, \u003c 14.10-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of UIX parameters. A proof of concept exploit is to log in, add an `XWiki.UIExtensionClass` xobject to the user profile page, with an Extension Parameters content containing `label={{/html}} {{async async=\"true\" cached=\"false\" context=\"doc.reference\"}}{{groovy}}println(\"Hello \" + \"from groovy!\"){{/groovy}}{{/async}}`. 
Then, navigating to `PanelsCode.ApplicationsPanelConfigurationSheet` (i.e., `\u003cxwiki-host\u003e/xwiki/bin/view/PanelsCode/ApplicationsPanelConfigurationSheet` where `\u003cxwiki-host\u003e` is the URL of your XWiki installation) should not execute the Groovy script. If it does, you will see `Hello from groovy!` displayed on the screen. This vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10-rc-1. Users are advised to upgrade. For users unable to upgrade the issue can be fixed by editing the `PanelsCode.ApplicationsPanelConfigurationSheet` wiki page and making the same modifications as shown in commit `6de5442f3c`." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-07T18:09:18.005Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qxjg-jhgw-qhrv", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qxjg-jhgw-qhrv" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/6de5442f3c91c3634a66c7b458d5b142e1c2a2dc", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/6de5442f3c91c3634a66c7b458d5b142e1c2a2dc" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20294", "tags": [ "x_refsource_MISC" ], "url": 
"https://jira.xwiki.org/browse/XWIKI-20294" } ], "source": { "advisory": "GHSA-qxjg-jhgw-qhrv", "discovery": "UNKNOWN" }, "title": "Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-panels-ui" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-27479", "datePublished": "2023-03-07T18:09:18.005Z", "dateReserved": "2023-03-01T19:03:56.632Z", "dateUpdated": "2024-08-02T12:09:43.525Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-31465
Vulnerability from cvelistv5
Published
2024-04-10 19:12
Modified
2024-08-13 13:56
Summary
XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any user with edit right on any page can execute any code on the server by adding an object of type `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10 RC1. As a workaround, manually apply the patch to the document `XWiki.SearchSuggestSourceSheet`.
References
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 5.2-milestone-2, < 14.10.20; >= 15.0-rc-1, < 15.5.4; >= 15.6-rc-1, < 15.10-rc-1
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki", "vendor": "xwiki", "versions": [ { "lessThan": "14.10.20", "status": "affected", "version": "5.2-milestone-2", "versionType": "custom" }, { "lessThan": "15.5.4", "status": "affected", "version": "15.0-rc-1", "versionType": "custom" }, { "lessThan": "15.10-rc-1", "status": "affected", "version": "15.6-rc-1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-31465", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-05-16T18:36:09.920532Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-13T13:56:21.898Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:52:57.115Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-34fj-r5gq-7395", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-34fj-r5gq-7395" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/0317a3aa78065e66c86fc725976b06bf7f9b446e", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/0317a3aa78065e66c86fc725976b06bf7f9b446e" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/2740974c32dbb7cc565546d0f04e2374b32b36f7", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/2740974c32dbb7cc565546d0f04e2374b32b36f7" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/6a7f19f6424036fce3d703413137adde950ae809", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": 
"https://github.com/xwiki/xwiki-platform/commit/6a7f19f6424036fce3d703413137adde950ae809" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/6a7f19f6424036fce3d703413137adde950ae809#diff-67b473d2b6397d65b7726c6a13555850b11b10128321adf9e627e656e1d130a5", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/6a7f19f6424036fce3d703413137adde950ae809#diff-67b473d2b6397d65b7726c6a13555850b11b10128321adf9e627e656e1d130a5" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21474", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-21474" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 5.2-milestone-2, \u003c 14.10.20" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.5.4" }, { "status": "affected", "version": "\u003e= 15.6-rc-1, \u003c 15.10-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any user with edit right on any page can execute any code on the server by adding an object of type `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10 RC1. As a workaround, manually apply the patch to the document `XWiki.SearchSuggestSourceSheet`." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-10T19:12:35.517Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-34fj-r5gq-7395", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-34fj-r5gq-7395" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/0317a3aa78065e66c86fc725976b06bf7f9b446e", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/0317a3aa78065e66c86fc725976b06bf7f9b446e" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/2740974c32dbb7cc565546d0f04e2374b32b36f7", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/2740974c32dbb7cc565546d0f04e2374b32b36f7" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/6a7f19f6424036fce3d703413137adde950ae809", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/6a7f19f6424036fce3d703413137adde950ae809" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/6a7f19f6424036fce3d703413137adde950ae809#diff-67b473d2b6397d65b7726c6a13555850b11b10128321adf9e627e656e1d130a5", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/xwiki/xwiki-platform/commit/6a7f19f6424036fce3d703413137adde950ae809#diff-67b473d2b6397d65b7726c6a13555850b11b10128321adf9e627e656e1d130a5" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21474", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-21474" } ], "source": { "advisory": "GHSA-34fj-r5gq-7395", "discovery": "UNKNOWN" }, "title": "XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-31465", "datePublished": "2024-04-10T19:12:35.517Z", "dateReserved": "2024-04-03T17:55:32.648Z", "dateUpdated": "2024-08-13T13:56:21.898Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-29253
Vulnerability from cvelistv5
Published
2022-05-25 20:55
Modified
2024-08-03 06:17
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with version 8.3-rc-1 and prior to versions 12.10.3 and 14.0, one can ask for any file located in the classloader using the template API and a path with ".." in it. The issue is patched in versions 14.0 and 13.10.3. There is no easy workaround for this issue.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9qrp-h7fw-42hg | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/4917c8f355717bb636d763844528b1fe0f95e8e2 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-19349 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 8.3-rc-1, < 13.10.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:17:54.535Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9qrp-h7fw-42hg" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/4917c8f355717bb636d763844528b1fe0f95e8e2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19349" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 8.3-rc-1, \u003c 13.10.3" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with version 8.3-rc-1 and prior to versions 12.10.3 and 14.0, one can ask for any file located in the classloader using the template API and a path with \"..\" in it. The issue is patched in versions 14.0 and 13.10.3. There is no easy workaround for this issue." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-24", "description": "CWE-24: Path Traversal: \u0027../filedir\u0027", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-25T20:55:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9qrp-h7fw-42hg" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/4917c8f355717bb636d763844528b1fe0f95e8e2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19349" } ], "source": { "advisory": "GHSA-9qrp-h7fw-42hg", "discovery": "UNKNOWN" }, "title": "Path Traversal in XWiki Platform", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-29253", "STATE": "PUBLIC", "TITLE": "Path Traversal in XWiki Platform" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e= 8.3-rc-1, \u003c 13.10.3" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications 
built on top of it. Starting with version 8.3-rc-1 and prior to versions 12.10.3 and 14.0, one can ask for any file located in the classloader using the template API and a path with \"..\" in it. The issue is patched in versions 14.0 and 13.10.3. There is no easy workaround for this issue." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-24: Path Traversal: \u0027../filedir\u0027" } ] }, { "description": [ { "lang": "eng", "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9qrp-h7fw-42hg", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9qrp-h7fw-42hg" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/4917c8f355717bb636d763844528b1fe0f95e8e2", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/4917c8f355717bb636d763844528b1fe0f95e8e2" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19349", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-19349" } ] }, "source": { "advisory": "GHSA-9qrp-h7fw-42hg", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-29253", "datePublished": "2022-05-25T20:55:10", "dateReserved": "2022-04-13T00:00:00", "dateUpdated": "2024-08-03T06:17:54.535Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26477
Vulnerability from cvelistv5
Published
2023-03-02 17:52
Modified
2024-08-02 11:53
Summary
XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the `newThemeName` request parameter (URL parameter), in combination with additional parameters. This has been patched in the supported versions 13.10.10, 14.9-rc-1, and 14.4.6. As a workaround, it is possible to edit `FlamingoThemesCode.WebHomeSheet` and manually perform the changes from the patch fixing the issue.
References
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 6.2.4, < 13.10.10; >= 14.0, < 14.4.6; >= 14.5, < 14.9-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:53:52.972Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x2qm-r4wx-8gpg", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x2qm-r4wx-8gpg" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/ea2e615f50a918802fd60b09ec87aa04bc6ea8e2#diff-e2153fa59f9d92ef67b0afbf27984bd17170921a3b558fac227160003d0dfd2aR283-R284", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/ea2e615f50a918802fd60b09ec87aa04bc6ea8e2#diff-e2153fa59f9d92ef67b0afbf27984bd17170921a3b558fac227160003d0dfd2aR283-R284" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19757", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19757" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 6.2.4, \u003c 13.10.10" }, { "status": "affected", "version": "\u003e= 14.0, \u003c 14.4.6" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.9-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it\u0027s possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the `newThemeName` request parameter (URL parameter), in combination with additional parameters. This has been patched in the supported versions 13.10.10, 14.9-rc-1, and 14.4.6. 
As a workaround, it is possible to edit `FlamingoThemesCode.WebHomeSheet` and manually perform the changes from the patch fixing the issue.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-02T17:52:40.359Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x2qm-r4wx-8gpg", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x2qm-r4wx-8gpg" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/ea2e615f50a918802fd60b09ec87aa04bc6ea8e2#diff-e2153fa59f9d92ef67b0afbf27984bd17170921a3b558fac227160003d0dfd2aR283-R284", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/ea2e615f50a918802fd60b09ec87aa04bc6ea8e2#diff-e2153fa59f9d92ef67b0afbf27984bd17170921a3b558fac227160003d0dfd2aR283-R284" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19757", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19757" } ], "source": { "advisory": "GHSA-x2qm-r4wx-8gpg", "discovery": "UNKNOWN" }, "title": "org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-26477", "datePublished": 
"2023-03-02T17:52:40.359Z", "dateReserved": "2023-02-23T23:22:58.573Z", "dateUpdated": "2024-08-02T11:53:52.972Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29515
Vulnerability from cvelistv5
Published
2023-04-18 23:50
Modified
2024-08-02 14:07
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can be exploited by creating an app in App Within Minutes. If the button is disabled because the user doesn't have global edit right, the app can also be created by directly opening `/xwiki/bin/view/AppWithinMinutes/CreateApplication?wizard=true` on the XWiki installation. This has been patched in XWiki 13.10.11, 14.4.8, 14.10.1 and 15.0 RC1 by not granting the space admin right if the user doesn't have script right on the space where the app is created. Error messages are displayed to warn the user that the app will be broken in this case. Users who became space admin through this vulnerability won't lose the space admin right due to the fix, so it is advised to check whether all users who created AWM apps should keep their space admin rights. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-44h9-xxvx-pg6x | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/e73b890623efa604adc484ad82f37e31596fe1a6 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20190 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | < 13.10.11; >= 14.0.0, < 14.4.8; >= 14.5.0, < 14.10.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:07:46.420Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-44h9-xxvx-pg6x", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-44h9-xxvx-pg6x" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/e73b890623efa604adc484ad82f37e31596fe1a6", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/e73b890623efa604adc484ad82f37e31596fe1a6" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20190", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20190" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 13.10.11" }, { "status": "affected", "version": "\u003e= 14.0.0, \u003c 14.4.8" }, { "status": "affected", "version": "\u003e= 14.5.0, \u003c 14.10.1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can be exploited by creating an app in App Within Minutes. If the button should be disabled because the user doesn\u0027t have global edit right, the app can also be created by directly opening `/xwiki/bin/view/AppWithinMinutes/CreateApplication?wizard=true` on the XWiki installation. This has been patched in XWiki 13.10.11, 14.4.8, 14.10.1 and 15.0 RC1 by not granting the space admin right if the user doesn\u0027t have script right on the space where the app is created. 
Error message are displayed to warn the user that the app will be broken in this case. Users who became space admin through this vulnerability won\u0027t loose the space admin right due to the fix, so it is advised to check if all users who created AWM apps should keep their space admin rights. Users are advised to upgrade. There are no known workarounds for this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T23:50:17.090Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-44h9-xxvx-pg6x", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-44h9-xxvx-pg6x" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/e73b890623efa604adc484ad82f37e31596fe1a6", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/e73b890623efa604adc484ad82f37e31596fe1a6" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20190", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20190" } ], "source": { "advisory": "GHSA-44h9-xxvx-pg6x", "discovery": "UNKNOWN" }, "title": "Cross-site scripting (XSS) in xwiki-platform" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": 
"CVE-2023-29515", "datePublished": "2023-04-18T23:50:17.090Z", "dateReserved": "2023-04-07T18:56:54.627Z", "dateUpdated": "2024-08-02T14:07:46.420Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-45591
Vulnerability from cvelistv5
Published
2024-09-10 15:56
Modified
2024-09-10 19:22
Summary
XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes, for each modification of the page, the time of the modification, the version number, the author of the modification (both username and displayed name) and the version comment. This information is exposed regardless of the rights setup, even when the wiki is configured to be fully private. On a private wiki, this can be tested by accessing /xwiki/rest/wikis/xwiki/spaces/Main/pages/WebHome/history; if this shows the history of the main page, the installation is vulnerable. This has been patched in XWiki 15.10.9 and XWiki 16.3.0RC1.
References
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pvmm-55r5-g3mm | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/26482ee5d29fc21f31134d1ee13db48716e89e0f | x_refsource_MISC |
| https://github.com/xwiki/xwiki-platform/commit/9cbca9808300797c67779bb9a665d85cf9e3d4b8 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-22052 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | >= 1.8.0, < 15.10.9; >= 16.0.0-rc-1, < 16.3.0-rc-1 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:xwiki:xwiki-platform:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "lessThan": "15.10.9", "status": "affected", "version": "1.8.0,", "versionType": "custom" }, { "lessThan": "16.3.0-rc-1", "status": "affected", "version": "16.0.0-rc-1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-45591", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T19:16:32.520512Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-10T19:22:03.317Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 1.8.0, \u003c 15.10.9" }, { "status": "affected", "version": "\u003e= 16.0.0-rc-1, \u003c 16.3.0-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. The REST API exposes the history of any page in XWiki of which the attacker knows the name. The exposed information includes for each modification of the page the time of the modification, the version number, the author of the modification (both username and displayed name) and the version comment. This information is exposed regardless of the rights setup, and even when the wiki is configured to be fully private. On a private wiki, this can be tested by accessing /xwiki/rest/wikis/xwiki/spaces/Main/pages/WebHome/history, if this shows the history of the main page then the installation is vulnerable. This has been patched in XWiki 15.10.9 and XWiki 16.3.0RC1." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-359", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-10T15:56:53.484Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pvmm-55r5-g3mm", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pvmm-55r5-g3mm" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/26482ee5d29fc21f31134d1ee13db48716e89e0f", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/26482ee5d29fc21f31134d1ee13db48716e89e0f" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/9cbca9808300797c67779bb9a665d85cf9e3d4b8", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/9cbca9808300797c67779bb9a665d85cf9e3d4b8" }, { "name": "https://jira.xwiki.org/browse/XWIKI-22052", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-22052" } ], "source": { "advisory": "GHSA-pvmm-55r5-g3mm", "discovery": "UNKNOWN" }, "title": "XWiki Platform document history including authors of any page exposed to unauthorized actors" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": 
"CVE-2024-45591", "datePublished": "2024-09-10T15:56:53.484Z", "dateReserved": "2024-09-02T16:00:02.422Z", "dateUpdated": "2024-09-10T19:22:03.317Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-46979
Vulnerability from cvelistv5
Published
2024-09-18 17:23
Modified
2024-09-18 18:56
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to get access to the notification filters of any user by using a URL such as `<hostname>xwiki/bin/get/XWiki/Notifications/Code/NotificationFilterPreferenceLivetableResults?outputSyntax=plain&type=custom&user=<username>`. This vulnerability impacts all versions of XWiki since 13.2-rc-1. The filters do not provide much information (they mainly contain references, which are public data in XWiki), though some of it could be used in combination with other vulnerabilities. This vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1 and 16.0RC1. The patch consists of checking the rights of the user when sending the data. Users are advised to upgrade. It's possible to work around the vulnerability by applying the patch manually: an administrator can directly edit the document `XWiki.Notifications.Code.NotificationFilterPreferenceLivetableResults` to apply the same changes as in the patch. See commit c8c6545f9bde6f5aade994aa5b5903a67b5c2582.
References
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pg4m-3gp6-hw4w | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/c8c6545f9bde6f5aade994aa5b5903a67b5c2582 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-20336 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | >= 13.2-rc-1, < 14.10.21; >= 15.0.0, < 15.5.5; >= 15.6.0, < 15.10.1 |
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:xwiki:xwiki-platform:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "lessThan": "14.10.21", "status": "affected", "version": "13.2-rc-1", "versionType": "custom" }, { "lessThan": "15.5.5", "status": "affected", "version": "15.0.0", "versionType": "custom" }, { "lessThan": "15.10.1", "status": "affected", "version": "15.6.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-46979", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-18T18:53:20.731658Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-18T18:56:06.319Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 13.2-rc-1, \u003c 14.10.21" }, { "status": "affected", "version": "\u003e= 15.0.0, \u003c 15.5.5" }, { "status": "affected", "version": "\u003e= 15.6.0, \u003c 15.10.1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It\u0027s possible to get access to notification filters of any user by using a URL such as `\u003chostname\u003exwiki/bin/get/XWiki/Notifications/Code/NotificationFilterPreferenceLivetableResults?outputSyntax=plain\u0026type=custom\u0026user=\u003cusername\u003e`. This vulnerability impacts all versions of XWiki since 13.2-rc-1. The filters do not provide much information (they mainly contain references which are public data in XWiki), though some info could be used in combination with other vulnerabilities. 
This vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1, 16.0RC1. The patch consists in checking the rights of the user when sending the data. Users are advised to upgrade. It\u0027s possible to workaround the vulnerability by applying manually the patch: it\u0027s possible for an administrator to edit directly the document `XWiki.Notifications.Code.NotificationFilterPreferenceLivetableResults` to apply the same changes as in the patch. See commit c8c6545f9bde6f5aade994aa5b5903a67b5c2582." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-359", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-18T17:23:34.839Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pg4m-3gp6-hw4w", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pg4m-3gp6-hw4w" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/c8c6545f9bde6f5aade994aa5b5903a67b5c2582", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/c8c6545f9bde6f5aade994aa5b5903a67b5c2582" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20336", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20336" 
} ], "source": { "advisory": "GHSA-pg4m-3gp6-hw4w", "discovery": "UNKNOWN" }, "title": "Data leak of notification filters of users in XWiki Platform" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-46979", "datePublished": "2024-09-18T17:23:34.839Z", "dateReserved": "2024-09-16T16:10:09.018Z", "dateUpdated": "2024-09-18T18:56:06.319Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29206
Vulnerability from cvelistv5
Published
2023-04-15 15:41
Modified
2024-08-02 14:00
Summary
XWiki Commons are technical libraries common to several other top-level XWiki projects. There was no check on the author of a JavaScript xobject or StyleSheet xobject added to an XWiki document, so it was possible for a user with only Edit right to create such an object and craft a script that performs operations when it is executed by a user with appropriate rights. This has been patched in XWiki 14.9-rc-1 by only executing the script if its author has Script right.
References
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cmvg-w72j-7phx | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/fe65bc35d5672dd2505b7ac4ec42aec57d500fbb | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-19514 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-19583 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-9119 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | >= 3.0-milestone-1, < 14.9-rc-1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:15.896Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cmvg-w72j-7phx", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cmvg-w72j-7phx" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/fe65bc35d5672dd2505b7ac4ec42aec57d500fbb", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/fe65bc35d5672dd2505b7ac4ec42aec57d500fbb" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19514", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19514" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19583", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19583" }, { "name": "https://jira.xwiki.org/browse/XWIKI-9119", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-9119" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 3.0-milestone-1, \u003c 14.9-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Commons are technical libraries common to several other top level XWiki projects. There was no check in the author of a JavaScript xobject or StyleSheet xobject added in a XWiki document, so until now it was possible for a user having only Edit Right to create such object and to craft a script allowing to perform some operations when executing by a user with appropriate rights. This has been patched in XWiki 14.9-rc-1 by only executing the script if the author of it has Script rights." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-15T15:41:56.041Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cmvg-w72j-7phx", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cmvg-w72j-7phx" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/fe65bc35d5672dd2505b7ac4ec42aec57d500fbb", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/fe65bc35d5672dd2505b7ac4ec42aec57d500fbb" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19514", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19514" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19583", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19583" }, { "name": "https://jira.xwiki.org/browse/XWIKI-9119", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-9119" } ], "source": { "advisory": "GHSA-cmvg-w72j-7phx", "discovery": "UNKNOWN" }, "title": "org.xwiki.platform:xwiki-platform-skin-skinx vulnerable to basic Cross-site Scripting by exploiting JSX or SSX plugins" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29206", 
"datePublished": "2023-04-15T15:41:56.041Z", "dateReserved": "2023-04-03T13:37:18.455Z", "dateUpdated": "2024-08-02T14:00:15.896Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40177
Vulnerability from cvelistv5
Published
2023-08-23 20:11
Modified
2024-10-03 13:41
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing a rights escalation. This issue has been present since version 4.3M2, when the AppWithinMinutes Application added support for the Content field, allowing any wiki page (including the user profile page) to use its content as an AWM Content field, which has a custom displayer that executes the content with the rights of the `AppWithinMinutes.Content` author rather than the rights of the content author. The vulnerability has been fixed in XWiki 14.10.5 and 15.1RC1. The fix is in the content of the AppWithinMinutes.Content page that defines the custom displayer. By using the `display` script service to render the content, the proper author is used for access rights checks.
References
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5mf8-v43w-mfxp | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/dfb1cde173e363ca5c12eb3654869f9719820262 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-7369 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | >= 4.3-milestone-2, < 14.10.5 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:24:55.620Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5mf8-v43w-mfxp", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5mf8-v43w-mfxp" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/dfb1cde173e363ca5c12eb3654869f9719820262", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/dfb1cde173e363ca5c12eb3654869f9719820262" }, { "name": "https://jira.xwiki.org/browse/XWIKI-7369", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-7369" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-40177", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-03T13:41:24.610232Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-03T13:41:37.138Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 4.3-milestone-2, \u003c 14.10.5" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any registered user can use the content field of their user profile page to execute arbitrary scripts with programming rights, thus effectively performing rights escalation. 
This issue is present since version 4.3M2 when AppWithinMinutes Application added support for the Content field, allowing any wiki page (including the user profile page) to use its content as an AWM Content field, which has a custom displayer that executes the content with the rights of the ``AppWithinMinutes.Content`` author, rather than the rights of the content author. The vulnerability has been fixed in XWiki 14.10.5 and 15.1RC1. The fix is in the content of the AppWithinMinutes.Content page that defines the custom displayer. By using the ``display`` script service to render the content we make sure that the proper author is used for access rights checks." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-23T20:11:45.227Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5mf8-v43w-mfxp", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5mf8-v43w-mfxp" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/dfb1cde173e363ca5c12eb3654869f9719820262", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/dfb1cde173e363ca5c12eb3654869f9719820262" }, { "name": "https://jira.xwiki.org/browse/XWIKI-7369", "tags": [ "x_refsource_MISC" ], "url": 
"https://jira.xwiki.org/browse/XWIKI-7369" } ], "source": { "advisory": "GHSA-5mf8-v43w-mfxp", "discovery": "UNKNOWN" }, "title": "XWiki Platform privilege escalation (PR) from account through AWM content fields" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-40177", "datePublished": "2023-08-23T20:11:45.227Z", "dateReserved": "2023-08-09T15:26:41.052Z", "dateUpdated": "2024-10-03T13:41:37.138Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29506
Vulnerability from cvelistv5
Published
2023-04-16 06:49
Modified
2024-08-02 14:07
Summary
XWiki Commons are technical libraries common to several other top-level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched in XWiki 13.10.11, 14.4.7 and 14.10.
References
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jjm5-5v9v-7hx2 | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/1943ea26c967ef868fb5f67c487d98d97cba0380 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-20335 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | >= 13.10.8, < 13.10.11; >= 14.4.3, < 14.4.7; >= 14.6, < 14.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:07:46.433Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jjm5-5v9v-7hx2", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jjm5-5v9v-7hx2" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/1943ea26c967ef868fb5f67c487d98d97cba0380", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/1943ea26c967ef868fb5f67c487d98d97cba0380" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20335", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20335" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 13.10.8, \u003c 13.10.11" }, { "status": "affected", "version": "\u003e= 14.4.3, \u003c 14.4.7" }, { "status": "affected", "version": "\u003e= 14.6, \u003c 14.10" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-16T06:49:51.376Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jjm5-5v9v-7hx2", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jjm5-5v9v-7hx2" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/1943ea26c967ef868fb5f67c487d98d97cba0380", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/1943ea26c967ef868fb5f67c487d98d97cba0380" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20335", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20335" } ], "source": { "advisory": "GHSA-jjm5-5v9v-7hx2", "discovery": "UNKNOWN" }, "title": "org.xwiki.platform:xwiki-platform-security-authentication-default XSS with authenticated endpoints" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29506", "datePublished": "2023-04-16T06:49:51.376Z", "dateReserved": "2023-04-07T18:56:54.625Z", "dateUpdated": "2024-08-02T14:07:46.433Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-46731
Vulnerability from cvelistv5
Published
2023-11-06 18:47
Modified
2024-09-05 14:34
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki doesn't properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user with read access to the document `XWiki.AdminSheet` (by default, everyone including unauthenticated users) to execute code, including Groovy code. This impacts the confidentiality, integrity and availability of the whole XWiki instance. This vulnerability has been patched in XWiki 14.10.14, 15.6 RC1 and 15.5.1. Users are advised to upgrade. Users unable to upgrade may apply the fix in commit `fec8e0e53f9` manually. Alternatively, to protect against attacks from unauthenticated users, the view right for guests can be removed from this document (it is only needed for space and wiki admins).
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | org.xwiki.platform:xwiki-platform-administration: < 14.10.14; org.xwiki.platform:xwiki-platform-administration-ui: < 14.10.14; org.xwiki.platform:xwiki-platform-administration-ui: >= 15.0-rc-1, < 15.5.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:53:21.623Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-62pr-qqf7-hh89", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-62pr-qqf7-hh89" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a#diff-6271f9be501f30b2ba55459eb451aee3413d34171ba8198a77c865306d174e23", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a#diff-6271f9be501f30b2ba55459eb451aee3413d34171ba8198a77c865306d174e23" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21110", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-21110" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki", "vendor": "xwiki", "versions": [ { "lessThan": "14.10.14", "status": "affected", "version": "0", "versionType": "custom" }, { "lessThan": "15.5.1", "status": "affected", "version": "15.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-46731", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-05T14:31:01.182469Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-05T14:34:27.189Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", 
"shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "org.xwiki.platform:xwiki-platform-administration : \u003c 14.10.14" }, { "status": "affected", "version": "org.xwiki.platform:xwiki-platform-administration-ui: \u003c 14.10.14" }, { "status": "affected", "version": "org.xwiki.platform:xwiki-platform-administration-ui: \u003e= 15.0-rc-1, \u003c 15.5.1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki doesn\u0027t properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user with read access to the document `XWiki.AdminSheet` (by default, everyone including unauthenticated users) to execute code including Groovy code. This impacts the confidentiality, integrity and availability of the whole XWiki instance. This vulnerability has been patched in XWiki 14.10.14, 15.6 RC1 and 15.5.1. Users are advised to upgrade. Users unablr to upgrade may apply the fix in commit `fec8e0e53f9` manually. Alternatively, to protect against attacks from unauthenticated users, view right for guests can be removed from this document (it is only needed for space and wiki admins)." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-06T18:47:49.279Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-62pr-qqf7-hh89", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-62pr-qqf7-hh89" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a#diff-6271f9be501f30b2ba55459eb451aee3413d34171ba8198a77c865306d174e23", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a#diff-6271f9be501f30b2ba55459eb451aee3413d34171ba8198a77c865306d174e23" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21110", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-21110" } ], "source": { "advisory": "GHSA-62pr-qqf7-hh89", "discovery": "UNKNOWN" }, "title": "Remote code 
execution through the section parameter in Administration as guest in XWiki Platform" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-46731", "datePublished": "2023-11-06T18:47:49.279Z", "dateReserved": "2023-10-25T14:30:33.751Z", "dateUpdated": "2024-09-05T14:34:27.189Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-37900
Vulnerability from cvelistv5
Published
2024-07-31 15:15
Modified
2024-08-13 13:37
Severity ?
EPSS score ?
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When uploading an attachment with a malicious filename, malicious JavaScript code could be executed. This requires a social engineering attack to get the victim into uploading a file with a malicious name. The malicious code is solely executed during the upload and affects only the user uploading the attachment. While this allows performing actions in the name of that user, it seems unlikely that a user wouldn't notice the malicious filename while uploading the attachment. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wf3x-jccf-5g5g | x_refsource_CONFIRM | |
https://github.com/xwiki/xwiki-platform/commit/6cdd69d31d6bf3caa7f40ec55eb317e4e528ad28 | x_refsource_MISC | |
https://github.com/xwiki/xwiki-platform/commit/8b8a2d80529b9a9c038014c1eb6c2adc08069dfd | x_refsource_MISC | |
https://github.com/xwiki/xwiki-platform/commit/910a5018a50039e8b24556573dfe342f143ef949 | x_refsource_MISC | |
https://github.com/xwiki/xwiki-platform/commit/9df46f8e5313af46f93bccd1ebc682e28126573f | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-19602 | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-19611 | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-21769 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform |
Version: >= 4.2-milestone-3, < 14.10.21 Version: >= 15.0-rc-1, < 15.5.5 Version: >= 15.6-rc-1, < 15.10.6 Version: >= 16.0.0-rc-1, < 16.0.0 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki", "vendor": "xwiki", "versions": [ { "lessThan": "14.10.21", "status": "affected", "version": "4.2-milestone-3", "versionType": "custom" }, { "lessThan": "15.5.5", "status": "affected", "version": "15.0-rc-1", "versionType": "custom" }, { "lessThan": "15.10.6", "status": "affected", "version": "15.6-rc", "versionType": "custom" }, { "lessThan": "16.0.0", "status": "affected", "version": "16.0.0-rc-1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-37900", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-01T14:43:57.149734Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-13T13:37:13.581Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 4.2-milestone-3, \u003c 14.10.21" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.5.5" }, { "status": "affected", "version": "\u003e= 15.6-rc-1, \u003c 15.10.6" }, { "status": "affected", "version": "\u003e= 16.0.0-rc-1, \u003c 16.0.0" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When uploading an attachment with a malicious filename, malicious JavaScript code could be executed. This requires a social engineering attack to get the victim into uploading a file with a malicious name. The malicious code is solely executed during the upload and affects only the user uploading the attachment. 
While this allows performing actions in the name of that user, it seems unlikely that a user wouldn\u0027t notice the malicious filename while uploading the attachment. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-96", "description": "CWE-96: Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-31T15:15:31.013Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wf3x-jccf-5g5g", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wf3x-jccf-5g5g" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/6cdd69d31d6bf3caa7f40ec55eb317e4e528ad28", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/6cdd69d31d6bf3caa7f40ec55eb317e4e528ad28" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/8b8a2d80529b9a9c038014c1eb6c2adc08069dfd", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/8b8a2d80529b9a9c038014c1eb6c2adc08069dfd" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/910a5018a50039e8b24556573dfe342f143ef949", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/910a5018a50039e8b24556573dfe342f143ef949" }, { "name": 
"https://github.com/xwiki/xwiki-platform/commit/9df46f8e5313af46f93bccd1ebc682e28126573f", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/9df46f8e5313af46f93bccd1ebc682e28126573f" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19602", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19602" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19611", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19611" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21769", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-21769" } ], "source": { "advisory": "GHSA-wf3x-jccf-5g5g", "discovery": "UNKNOWN" }, "title": "XWiki Platform vulnerable to Cross-site Scripting through attachment filename in uploader" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-37900", "datePublished": "2024-07-31T15:15:31.013Z", "dateReserved": "2024-06-10T19:54:41.362Z", "dateUpdated": "2024-08-13T13:37:13.581Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-43400
Vulnerability from cvelistv5
Published
2024-08-19 16:24
Modified
2024-08-22 14:00
Severity ?
EPSS score ?
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible for a user without Script or Programming rights to craft a URL pointing to a page with arbitrary JavaScript. This requires social engineering to trick a user into following the URL. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wcg9-pgqv-xm5v | x_refsource_CONFIRM | |
https://github.com/xwiki/xwiki-platform/commit/27eca8423fc1ad177518077a733076821268509c | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-21810 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform |
Version: >= 15.6-rc-1, < 15.10.2 Version: >= 15.0-rc-1, < 15.5.5 Version: < 14.10.21 Version: = 16.0.0-rc-1 |
|
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:xwiki:xwiki-platform:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "lessThan": "15.10.2", "status": "affected", "version": "15.6-rc-1", "versionType": "custom" }, { "lessThan": "15.5.5", "status": "affected", "version": "15.0-rc-1", "versionType": "custom" }, { "lessThan": "14.10.21", "status": "affected", "version": "0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:xwiki:xwiki-platform:16.0.0-rc-1:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "16.0.0-rc-1" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-43400", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-19T17:17:50.141081Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-22T14:00:37.297Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 15.6-rc-1, \u003c 15.10.2" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.5.5" }, { "status": "affected", "version": "\u003c 14.10.21" }, { "status": "affected", "version": "= 16.0.0-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible for a user without Script or Programming rights to craft a URL pointing to a page with arbitrary JavaScript. This requires social engineer to trick a user to follow the URL. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-96", "description": "CWE-96: Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-08-20T16:00:37.079Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wcg9-pgqv-xm5v", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wcg9-pgqv-xm5v" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/27eca8423fc1ad177518077a733076821268509c", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/27eca8423fc1ad177518077a733076821268509c" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21810", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-21810" } ], "source": { "advisory": "GHSA-wcg9-pgqv-xm5v", "discovery": "UNKNOWN" }, "title": "XWiki Platform allows XSS through XClass name in string properties" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-43400", "datePublished": "2024-08-19T16:24:40.900Z", "dateReserved": "2024-08-12T18:02:04.965Z", "dateUpdated": "2024-08-22T14:00:37.297Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36093
Vulnerability from cvelistv5
Published
2022-09-08 17:25
Modified
2024-08-03 09:52
Severity ?
EPSS score ?
Summary
XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2 and 13.10.4, this can also be exploited on a private wiki, thus potentially giving the attacker access to the wiki. Depending on the configured default rights of users, this could also give attackers write access to an otherwise read-only public wiki. Users can also be created when an external authentication system like LDAP is configured, but authentication fails unless the authentication system supports a bypass/local accounts are enabled in addition to the external authentication system. This issue has been patched in XWiki 13.10.5 and 14.3RC1. As a workaround, one may replace `xpart.vm`, the entry point for this attack, by a patched version from the patch without updating XWiki.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h5j3-5x63-p8jv | x_refsource_CONFIRM | |
https://github.com/xwiki/xwiki-platform/commit/70c64c23f4404f33289458df2a08f7c4be022755 | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-19558 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform |
Version: >= 8.0-rc-1, < 13.10.5 Version: >= 14.0, < 14.3-rc-1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:52:00.546Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h5j3-5x63-p8jv" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/70c64c23f4404f33289458df2a08f7c4be022755" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19558" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 8.0-rc-1, \u003c 13.10.5" }, { "status": "affected", "version": "\u003e= 14.0, \u003c 14.3-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2 and 13.10.4, this can also be exploited on a private wiki, thus potentially giving the attacker access to the wiki. Depending on the configured default rights of users, this could also give attackers write access to an otherwise read-only public wiki. Users can also be created when an external authentication system like LDAP is configured, but authentication fails unless the authentication system supports a bypass/local accounts are enabled in addition to the external authentication system. This issue has been patched in XWiki 13.10.5 and 14.3RC1. As a workaround, one may replace `xpart.vm`, the entry point for this attack, by a patched version from the patch without updating XWiki." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-288", "description": "CWE-288: Authentication Bypass Using an Alternate Path or Channel", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-08T17:25:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h5j3-5x63-p8jv" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/70c64c23f4404f33289458df2a08f7c4be022755" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19558" } ], "source": { "advisory": "GHSA-h5j3-5x63-p8jv", "discovery": "UNKNOWN" }, "title": "XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-36093", "STATE": "PUBLIC", "TITLE": "XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e= 8.0-rc-1, \u003c 13.10.5" }, { "version_value": "\u003e= 14.0, \u003c 14.3-rc-1" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": 
"4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2 and 13.10.4, this can also be exploited on a private wiki, thus potentially giving the attacker access to the wiki. Depending on the configured default rights of users, this could also give attackers write access to an otherwise read-only public wiki. Users can also be created when an external authentication system like LDAP is configured, but authentication fails unless the authentication system supports a bypass/local accounts are enabled in addition to the external authentication system. This issue has been patched in XWiki 13.10.5 and 14.3RC1. As a workaround, one may replace `xpart.vm`, the entry point for this attack, by a patched version from the patch without updating XWiki." 
} ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-288: Authentication Bypass Using an Alternate Path or Channel" } ] }, { "description": [ { "lang": "eng", "value": "CWE-287: Improper Authentication" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h5j3-5x63-p8jv", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h5j3-5x63-p8jv" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/70c64c23f4404f33289458df2a08f7c4be022755", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/70c64c23f4404f33289458df2a08f7c4be022755" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19558", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-19558" } ] }, "source": { "advisory": "GHSA-h5j3-5x63-p8jv", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-36093", "datePublished": "2022-09-08T17:25:10", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2024-08-03T09:52:00.546Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35157
Vulnerability from cvelistv5
Published
2023-06-23 18:22
Modified
2024-11-27 20:10
Severity ?
EPSS score ?
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to perform an XSS by forging a request to a delete attachment action with a specific attachment name. Now this XSS can be exploited only if the attacker knows the CSRF token of the user, or if the user ignores the warning about the missing CSRF token. The vulnerability has been patched in XWiki 15.1-rc-1 and XWiki 14.10.6.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-phwm-87rg-27qq | x_refsource_CONFIRM | |
https://github.com/xwiki/xwiki-platform/commit/35e9073ffec567861e0abeea072bd97921a3decf | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-20339 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform |
Version: >= 3.2-milestone-3, < 14.10.6 Version: >= 15.0-rc-0, < 15.1-rc-1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:23:59.439Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-phwm-87rg-27qq", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-phwm-87rg-27qq" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/35e9073ffec567861e0abeea072bd97921a3decf", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/35e9073ffec567861e0abeea072bd97921a3decf" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20339", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20339" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35157", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-27T20:10:23.129959Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-27T20:10:32.697Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 3.2-milestone-3, \u003c 14.10.6" }, { "status": "affected", "version": "\u003e= 15.0-rc-0, \u003c 15.1-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It\u0027s possible to perform an XSS by forging a request to a delete attachment action with a specific attachment name. Now this XSS can be exploited only if the attacker knows the CSRF token of the user, or if the user ignores the warning about the missing CSRF token. 
The vulnerability has been patched in XWiki 15.1-rc-1 and XWiki 14.10.6." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-23T18:22:54.954Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-phwm-87rg-27qq", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-phwm-87rg-27qq" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/35e9073ffec567861e0abeea072bd97921a3decf", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/35e9073ffec567861e0abeea072bd97921a3decf" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20339", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20339" } ], "source": { "advisory": "GHSA-phwm-87rg-27qq", "discovery": "UNKNOWN" }, "title": "XWiki Platform vulnerable to reflected cross-site scripting via delattachment action" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-35157", "datePublished": "2023-06-23T18:22:54.954Z", "dateReserved": 
"2023-06-14T14:17:52.178Z", "dateUpdated": "2024-11-27T20:10:32.697Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-34467
Vulnerability from cvelistv5
Published
2023-06-23 16:20
Modified
2024-11-29 14:35
Severity ?
EPSS score ?
Summary
XWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation configuration was not fully taken into account. While the mail displayed to the end user was obfuscated, the REST response also contained the unobfuscated mail, and users were able to filter and sort on the unobfuscated value, allowing them to infer the mail content. The consequence was the possibility to retrieve the email addresses of all users even when obfuscated. This has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform |
Version: >= 3.5-milestone-1, < 14.4.8 Version: >= 14.5, < 14.10.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:10:07.108Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7vr7-cghh-ch63", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7vr7-cghh-ch63" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/71f889db9962df2d385f4298e29cfbc9050b828a#diff-5a739e5865b1f1ad9d79b724791be51b0095a0170cc078911c940478b13b949a", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/71f889db9962df2d385f4298e29cfbc9050b828a#diff-5a739e5865b1f1ad9d79b724791be51b0095a0170cc078911c940478b13b949a" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20333", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20333" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-34467", "options": [ { "Exploitation": "poc" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-29T14:35:51.226337Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-29T14:35:59.084Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 3.5-milestone-1, \u003c 14.4.8" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.10.4" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 3.5-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, the mail obfuscation configuration was not fully taken into account. 
While the mail displayed to the end user was obfuscated, the rest response was also containing the mail unobfuscated and users were able to filter and sort on the unobfuscated, allowing them to infer the mail content. The consequence was the possibility to retrieve the email addresses of all users even when obfuscated. This has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-402", "description": "CWE-402: Transmission of Private Resources into a New Sphere (\u0027Resource Leak\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-23T16:20:51.164Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7vr7-cghh-ch63", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7vr7-cghh-ch63" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/71f889db9962df2d385f4298e29cfbc9050b828a#diff-5a739e5865b1f1ad9d79b724791be51b0095a0170cc078911c940478b13b949a", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/71f889db9962df2d385f4298e29cfbc9050b828a#diff-5a739e5865b1f1ad9d79b724791be51b0095a0170cc078911c940478b13b949a" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20333", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20333" } ], "source": { "advisory": "GHSA-7vr7-cghh-ch63", "discovery": "UNKNOWN" }, "title": "XWiki Platform may retrieve email addresses of 
all users " } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-34467", "datePublished": "2023-06-23T16:20:51.164Z", "dateReserved": "2023-06-06T16:16:53.560Z", "dateUpdated": "2024-11-29T14:35:59.084Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29519
Vulnerability from cvelistv5
Published
2023-04-18 23:31
Modified
2024-08-02 14:07
Severity ?
EPSS score ?
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A registered user can perform remote code execution leading to privilege escalation by injecting the proper code in the "property" field of an attachment selector, as a gadget of their own dashboard. Note that the vulnerability does not impact comments of a wiki. The vulnerability has been patched in XWiki 13.10.11, 14.4.8, 14.10.2, 15.0-rc-1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-3hjg-cghv-22ww | x_refsource_CONFIRM | |
https://github.com/xwiki/xwiki-platform/commit/5e8725b4272cd3e5be09d3ca84273be2da6869c1 | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-20364 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform |
Version: < 13.10.11 Version: >= 14.0.0, < 14.4.8 Version: >= 14.5.0, < 14.10.2 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:07:46.447Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-3hjg-cghv-22ww", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-3hjg-cghv-22ww" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/5e8725b4272cd3e5be09d3ca84273be2da6869c1", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/5e8725b4272cd3e5be09d3ca84273be2da6869c1" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20364", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20364" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 13.10.11" }, { "status": "affected", "version": "\u003e= 14.0.0, \u003c 14.4.8" }, { "status": "affected", "version": "\u003e= 14.5.0, \u003c 14.10.2" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A registered user can perform remote code execution leading to privilege escalation by injecting the proper code in the \"property\" field of an attachment selector, as a gadget of their own dashboard. Note that the vulnerability does not impact comments of a wiki. The vulnerability has been patched in XWiki 13.10.11, 14.4.8, 14.10.2, 15.0-rc-1. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T23:31:09.369Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-3hjg-cghv-22ww", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-3hjg-cghv-22ww" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/5e8725b4272cd3e5be09d3ca84273be2da6869c1", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/5e8725b4272cd3e5be09d3ca84273be2da6869c1" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20364", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20364" } ], "source": { "advisory": "GHSA-3hjg-cghv-22ww", "discovery": "UNKNOWN" }, "title": "Code injection in org.xwiki.platform:xwiki-platform-attachment-ui" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29519", "datePublished": "2023-04-18T23:31:09.369Z", "dateReserved": "2023-04-07T18:56:54.628Z", "dateUpdated": "2024-08-02T14:07:46.447Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-29459
Vulnerability from cvelistv5
Published
2021-04-20 18:30
Modified
2024-08-03 22:02
Severity ?
EPSS score ?
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to persistently inject scripts in XWiki versions prior to 12.6.3 and 12.8. Unregistered users can fill simple text fields. Registered users can fill in their personal information and (if they have edit rights) fill the values of static lists using App Within Minutes. There is no easy workaround except upgrading XWiki. The vulnerability has been patched on XWiki 12.8 and 12.6.3.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5c66-v29h-xjh8 | x_refsource_CONFIRM |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform |
Version: < 12.6.3 Version: >= 12.6.4, < 12.8 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T22:02:51.994Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5c66-v29h-xjh8" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 12.6.3" }, { "status": "affected", "version": "\u003e= 12.6.4, \u003c 12.8" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to persistently inject scripts in XWiki versions prior to 12.6.3 and 12.8. Unregistred users can fill simple text fields. Registered users can fill in their personal information and (if they have edit rights) fill the values of static lists using App Within Minutes. There is no easy workaround except upgrading XWiki. The vulnerability has been patched on XWiki 12.8 and 12.6.3." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79 Cross-site Scripting (XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-04-20T18:30:22", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5c66-v29h-xjh8" } ], "source": { "advisory": "GHSA-5c66-v29h-xjh8", "discovery": "UNKNOWN" }, "title": "XSS Cross Site Scripting", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-29459", "STATE": "PUBLIC", "TITLE": "XSS Cross Site Scripting" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003c 12.6.3" }, { "version_value": "\u003e= 12.6.4, \u003c 12.8" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to persistently inject scripts in XWiki versions prior to 12.6.3 and 12.8. Unregistred users can fill simple text fields. Registered users can fill in their personal information and (if they have edit rights) fill the values of static lists using App Within Minutes. There is no easy workaround except upgrading XWiki. 
The vulnerability has been patched on XWiki 12.8 and 12.6.3." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.6, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79 Cross-site Scripting (XSS)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5c66-v29h-xjh8", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5c66-v29h-xjh8" } ] }, "source": { "advisory": "GHSA-5c66-v29h-xjh8", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-29459", "datePublished": "2021-04-20T18:30:22", "dateReserved": "2021-03-30T00:00:00", "dateUpdated": "2024-08-03T22:02:51.994Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35153
Vulnerability from cvelistv5
Published
2023-06-23 17:19
Modified
2024-11-29 14:27
Severity ?
EPSS score ?
Summary
XWiki Platform is a generic wiki platform. Starting in version 5.4.4 and prior to versions 14.4.8, 14.10.4, and 15.0, a stored cross-site scripting vulnerability can be exploited by users with edit rights by adding an `AppWithinMinutes.FormFieldCategoryClass` class on a page and setting the payload as the page title. Then, any user visiting `/xwiki/bin/view/AppWithinMinutes/ClassEditSheet` executes the payload. The issue has been patched in XWiki 14.4.8, 14.10.4, and 15.0. As a workaround, update `AppWithinMinutes.ClassEditSheet` with a patch.
References
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform |
Version: >= 5.4.4, < 14.4.8 Version: >= 14.5, < 14.10.4 Version: >= 15.0-rc-1, < 15.0 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:23:59.219Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4wc6-hqv9-qc97", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4wc6-hqv9-qc97" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/1b87fec1e5b5ec00b7a8c3c3f94f6c5e22547392#diff-79e725ec7125cced7d302e1a1f955a76745af26ef28a148981b810e85335d302", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/1b87fec1e5b5ec00b7a8c3c3f94f6c5e22547392#diff-79e725ec7125cced7d302e1a1f955a76745af26ef28a148981b810e85335d302" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20365", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20365" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35153", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-29T14:27:37.831816Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-29T14:27:48.189Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 5.4.4, \u003c 14.4.8" }, { "status": "affected", "version": " \u003e= 14.5, \u003c 14.10.4" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.0" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. 
Starting in version 5.4.4 and prior to versions 14.4.8, 14.10.4, and 15.0, a stored cross-site scripting vulnerability can be exploited by users with edit rights by adding a `AppWithinMinutes.FormFieldCategoryClass` class on a page and setting the payload on the page title. Then, any user visiting `/xwiki/bin/view/AppWithinMinutes/ClassEditSheet` executes the payload. The issue has been patched in XWiki 14.4.8, 14.10.4, and 15.0. As a workaround, update `AppWithinMinutes.ClassEditSheet` with a patch." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-23T17:19:59.290Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4wc6-hqv9-qc97", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4wc6-hqv9-qc97" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/1b87fec1e5b5ec00b7a8c3c3f94f6c5e22547392#diff-79e725ec7125cced7d302e1a1f955a76745af26ef28a148981b810e85335d302", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/xwiki/xwiki-platform/commit/1b87fec1e5b5ec00b7a8c3c3f94f6c5e22547392#diff-79e725ec7125cced7d302e1a1f955a76745af26ef28a148981b810e85335d302" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20365", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20365" } ], "source": { "advisory": "GHSA-4wc6-hqv9-qc97", "discovery": "UNKNOWN" }, "title": "XWiki Platform vulnerable to stored cross-site scripting in ClassEditSheet page via name parameters" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-35153", "datePublished": "2023-06-23T17:19:59.290Z", "dateReserved": "2023-06-14T14:17:52.177Z", "dateUpdated": "2024-11-29T14:27:48.189Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45134
Vulnerability from cvelistv5
Published
2023-10-25 19:08
Modified
2024-09-10 14:50
Severity ?
EPSS score ?
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-1 and prior to 13.4-rc-1, `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.2 and 15.5-rc-1, and `org.xwiki.platform:xwiki-web-standard` starting in version 2.4-milestone-2 and prior to version 3.1-milestone-1 are vulnerable to cross-site scripting. An attacker can create a template provider on any document that is part of the wiki (could be the attacker's user profile) that contains malicious code. This code is executed when this template provider is selected during document creation which can be triggered by sending the user to a URL. For the attacker, the only requirement is to have an account as by default the own user profile is editable. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link. Depending on the rights of the user, this may allow remote code execution and full read and write access to the whole XWiki installation. This has been patched in `org.xwiki.platform:xwiki-platform-web` 13.4-rc-1, `org.xwiki.platform:xwiki-platform-web-templates` 14.10.2 and 15.5-rc-1, and `org.xwiki.platform:xwiki-web-standard` 3.1-milestone-1 by adding the appropriate escaping. The vulnerable template file createinline.vm is part of XWiki's WAR and can be patched by manually applying the changes from the fix.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gr82-8fj2-ggc3 | x_refsource_CONFIRM | |
https://github.com/xwiki/xwiki-platform/commit/ba56fda175156dd35035f2b8c86cbd8ef1f90c2e | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-20962 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform |
Version: >= 3.1-milestone-1, < 13.4-rc-1 Version: >= 2.4-milestone-2, < 3.1-milestone-1 Version: >= 14.0-rc-1, < 14.10.12 Version: >= 15.0-rc-1, < 15.5-rc-1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.733Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gr82-8fj2-ggc3", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gr82-8fj2-ggc3" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/ba56fda175156dd35035f2b8c86cbd8ef1f90c2e", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/ba56fda175156dd35035f2b8c86cbd8ef1f90c2e" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20962", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20962" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:xwiki:xwiki-platform:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "lessThan": "13.4-rc-1", "status": "affected", "version": "3.1-milestone-1", "versionType": "custom" }, { "lessThan": "3.1-milestone-1", "status": "affected", "version": "2.4-milestone-2", "versionType": "custom" }, { "lessThan": "14.10.12", "status": "affected", "version": "14.0-rc-1", "versionType": "custom" }, { "lessThan": "15.5-rc-1", "status": "affected", "version": "15.0-rc-1,", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-45134", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T14:46:37.428004Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-10T14:50:34.210Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", 
"versions": [ { "status": "affected", "version": "\u003e= 3.1-milestone-1, \u003c 13.4-rc-1" }, { "status": "affected", "version": "\u003e= 2.4-milestone-2, \u003c 3.1-milestone-1" }, { "status": "affected", "version": "\u003e= 14.0-rc-1, \u003c 14.10.12" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.5-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-1 and prior to 13.4-rc-1, `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.2 and 15.5-rc-1, and `org.xwiki.platform:xwiki-web-standard` starting in version 2.4-milestone-2 and prior to version 3.1-milestone-1 are vulnerable to cross-site scripting. An attacker can create a template provider on any document that is part of the wiki (could be the attacker\u0027s user profile) that contains malicious code. This code is executed when this template provider is selected during document creation which can be triggered by sending the user to a URL. For the attacker, the only requirement is to have an account as by default the own user profile is editable. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link. Depending on the rights of the user, this may allow remote code execution and full read and write access to the whole XWiki installation. This has been patched in `org.xwiki.platform:xwiki-platform-web` 13.4-rc-1, `org.xwiki.platform:xwiki-platform-web-templates` 14.10.2 and 15.5-rc-1, and `org.xwiki.platform:xwiki-web-standard` 3.1-milestone-1 by adding the appropriate escaping. The vulnerable template file createinline.vm is part of XWiki\u0027s WAR and can be patched by manually applying the changes from the fix." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-25T19:08:32.909Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gr82-8fj2-ggc3", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gr82-8fj2-ggc3" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/ba56fda175156dd35035f2b8c86cbd8ef1f90c2e", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/ba56fda175156dd35035f2b8c86cbd8ef1f90c2e" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20962", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20962" } ], "source": { "advisory": "GHSA-gr82-8fj2-ggc3", "discovery": "UNKNOWN" }, "title": "XWiki Platform XSS vulnerability from account in the create page form via template provider" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-45134", "datePublished": "2023-10-25T19:08:32.909Z", "dateReserved": "2023-10-04T16:02:46.328Z", "dateUpdated": "2024-09-10T14:50:34.210Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29202
Vulnerability from cvelistv5
Published
2023-04-15 14:28
Modified
2024-08-02 14:00
Severity ?
EPSS score ?
Summary
XWiki Commons are technical libraries common to several other top level XWiki projects. The RSS macro that is bundled in XWiki included the content of the feed items without any cleaning in the HTML output when the parameter `content` was set to `true`. This allowed arbitrary HTML and in particular also JavaScript injection and thus cross-site scripting (XSS) by specifying an RSS feed with malicious content. With the interaction of a user with programming rights, this could be used to execute arbitrary actions in the wiki, including privilege escalation, remote code execution, information disclosure, modifying or deleting content and sabotaging the wiki. The issue has been patched in XWiki 14.6 RC1; the content of the feed is now properly cleaned before being displayed. As a workaround, if the RSS macro isn't used in the wiki, the macro can be uninstalled by deleting `WEB-INF/lib/xwiki-platform-rendering-macro-rss-XX.jar`, where `XX` is XWiki's version, in the web application's directory.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c885-89fw-55qr | x_refsource_CONFIRM | |
https://github.com/xwiki/xwiki-platform/commit/5c7ebe47c2897e92d8f04fe2e15027e84dc3ec03 | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-19671 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform |
Version: >= 1.8, <= 3.0.1 Version: < 14.6-rc-1 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:15.975Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c885-89fw-55qr", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c885-89fw-55qr" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/5c7ebe47c2897e92d8f04fe2e15027e84dc3ec03", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/5c7ebe47c2897e92d8f04fe2e15027e84dc3ec03" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19671", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19671" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 1.8, \u003c= 3.0.1" }, { "status": "affected", "version": "\u003c 14.6-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Commons are technical libraries common to several other top level XWiki projects. The RSS macro that is bundled in XWiki included the content of the feed items without any cleaning in the HTML output when the parameter `content` was set to `true`. This allowed arbitrary HTML and in particular also JavaScript injection and thus cross-site scripting (XSS) by specifying an RSS feed with malicious content. With the interaction of a user with programming rights, this could be used to execute arbitrary actions in the wiki, including privilege escalation, remote code execution, information disclosure, modifying or deleting content and sabotaging the wiki. The issue has been patched in XWiki 14.6 RC1, the content of the feed is now properly cleaned before being displayed. 
As a workaround, if the RSS macro isn\u0027t used in the wiki, the macro can be uninstalled by deleting `WEB-INF/lib/xwiki-platform-rendering-macro-rss-XX.jar`, where `XX` is XWiki\u0027s version, in the web application\u0027s directory." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-15T14:28:44.147Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c885-89fw-55qr", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-c885-89fw-55qr" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/5c7ebe47c2897e92d8f04fe2e15027e84dc3ec03", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/5c7ebe47c2897e92d8f04fe2e15027e84dc3ec03" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19671", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19671" } ], "source": { "advisory": "GHSA-c885-89fw-55qr", "discovery": "UNKNOWN" }, "title": "org.xwiki.platform:xwiki-platform-rendering-macro-rss Cross-site Scripting vulnerability" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29202", "datePublished": "2023-04-15T14:28:44.147Z", "dateReserved": 
"2023-04-03T13:37:18.454Z", "dateUpdated": "2024-08-02T14:00:15.975Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
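The affected-version ranges on this page mix plain releases (13.10.11), release candidates (14.6-rc-1, 11.6RC1) and milestones (3.1-milestone-1), and a naive string or float comparison gets them wrong (a 14.6-rc-1 install is fixed for CVE-2023-29202 while 14.5.2 is not). The following script is an added example, not XWiki project code or part of the CVE records: it parses XWiki version strings with pre-release qualifiers sorting below the final release, evaluates the range notation used in the "Impacted products" tables above, and reports which of the CVEs listed in this section apply to a deployed version. It also extracts the version from the RSS macro jar name that the CVE-2023-29202 workaround refers to. The range table is copied verbatim from the tables on this page for the six CVEs whose tables are visible here; where a table disagrees with its description (CVE-2023-45134's table says `< 14.10.12`, its prose says 14.10.2), the table is used as published. The `WEB-INF/lib` listing in the demo is constructed, not taken from a real installation.

```python
import re

# Affected-version ranges copied verbatim from the "Impacted products" tables on this
# page (records assigned by GitHub_M). Only CVEs whose table is visible here are listed.
# The table is used as published even where it disagrees with the prose: CVE-2023-45134's
# table says "< 14.10.12" while its description says the fix shipped in 14.10.2.
AFFECTED_RANGES = {
    "CVE-2023-29519": ["< 13.10.11", ">= 14.0.0, < 14.4.8", ">= 14.5.0, < 14.10.2"],
    "CVE-2021-29459": ["< 12.6.3", ">= 12.6.4, < 12.8"],
    "CVE-2023-35153": [">= 5.4.4, < 14.4.8", ">= 14.5, < 14.10.4", ">= 15.0-rc-1, < 15.0"],
    "CVE-2023-45134": [">= 3.1-milestone-1, < 13.4-rc-1", ">= 2.4-milestone-2, < 3.1-milestone-1",
                       ">= 14.0-rc-1, < 14.10.12", ">= 15.0-rc-1, < 15.5-rc-1"],
    "CVE-2023-29202": [">= 1.8, <= 3.0.1", "< 14.6-rc-1"],
    "CVE-2021-32729": ["> 11.6RC1, < 12.6.8", ">= 12.10.0, < 12.10.4"],
}

# Version grammar assumed from the strings on this page: dotted numbers, optionally followed
# by a "milestone" or "rc" qualifier with an optional separator and counter ("14.6-rc-1",
# "11.6RC1"). Pre-releases sort below the final release: 3.1-milestone-1 < 3.1-rc-1 < 3.1.
_VERSION = re.compile(r"^(\d+(?:\.\d+)*)(?:[-.]?(milestone|rc)[-.]?(\d+)?)?$", re.IGNORECASE)
_QUALIFIER_RANK = {"milestone": 0, "rc": 1, "": 2}


def parse_version(text):
    """Return (numeric tuple, qualifier rank, qualifier counter) for an XWiki version string."""
    m = _VERSION.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised XWiki version: {text!r}")
    numbers = tuple(int(part) for part in m.group(1).split("."))
    qualifier = (m.group(2) or "").lower()
    counter = int(m.group(3)) if m.group(3) else 0
    return numbers, _QUALIFIER_RANK[qualifier], counter


def compare_versions(a, b):
    """Classic -1/0/1 comparator; missing trailing components count as 0, so 12.6 == 12.6.0."""
    na, qa, ca = parse_version(a)
    nb, qb, cb = parse_version(b)
    width = max(len(na), len(nb))
    key_a = (na + (0,) * (width - len(na)), qa, ca)
    key_b = (nb + (0,) * (width - len(nb)), qb, cb)
    return (key_a > key_b) - (key_a < key_b)


_CLAUSE = re.compile(r"^(>=|<=|>|<)\s*(\S+)$")
_OPERATORS = {
    ">=": lambda c: c >= 0, ">": lambda c: c > 0,
    "<=": lambda c: c <= 0, "<": lambda c: c < 0,
}


def in_range(version, range_spec):
    """True when `version` satisfies every clause of a range such as ">= 14.0.0, < 14.4.8"."""
    for clause in range_spec.split(","):
        clause = clause.strip()
        if not clause:
            continue
        m = _CLAUSE.match(clause)
        if not m:
            raise ValueError(f"unrecognised range clause: {clause!r}")
        operator, bound = m.groups()
        if not _OPERATORS[operator](compare_versions(version, bound)):
            return False
    return True


def affected_cves(version):
    """Sorted CVE ids from this page whose affected ranges contain `version`."""
    return sorted(cve for cve, ranges in AFFECTED_RANGES.items()
                  if any(in_range(version, r) for r in ranges))


# File name pattern from the CVE-2023-29202 workaround: WEB-INF/lib/xwiki-platform-rendering-macro-rss-XX.jar
_RSS_JAR = re.compile(r"^xwiki-platform-rendering-macro-rss-(.+)\.jar$")


def rss_macro_jar_version(lib_filenames):
    """Version embedded in the bundled RSS macro jar name, or None if the macro is not deployed."""
    for name in lib_filenames:
        m = _RSS_JAR.match(name)
        if m:
            return m.group(1)
    return None


if __name__ == "__main__":
    # Constructed WEB-INF/lib listing for the demo, not taken from a real installation.
    sample_lib = ["xwiki-platform-oldcore-14.4.7.jar",
                  "xwiki-platform-rendering-macro-rss-14.4.7.jar"]
    deployed = rss_macro_jar_version(sample_lib)
    print(f"RSS macro jar version: {deployed}")
    print(f"CVEs on this page affecting {deployed}: {affected_cves(deployed)}")
```

On a real instance, feed `os.listdir()` of the web application's `WEB-INF/lib` to `rss_macro_jar_version`, or pass the version reported by the wiki to `affected_cves`. The comparator deliberately treats a release candidate as older than the final release of the same number, which is what makes the `< 14.6-rc-1` and `>= 15.0-rc-1` bounds on this page evaluate correctly.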
cve-2021-32729
Vulnerability from cvelistv5
Published
2021-07-01 16:45
Modified
2024-08-03 23:33
Severity ?
EPSS score ?
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A vulnerability exists in versions prior to 12.6.8, 12.10.4, and 13.0. The script service method used to reset the authentication failures record can be executed by any user with Script rights and does not require Programming rights. An attacker with script rights who is able to reset the authentication failure record might perform a brute force attack, since they would be able to virtually deactivate the mechanism introduced to mitigate those attacks. The problem has been patched in version 12.6.8, 12.10.4 and 13.0. There are no workarounds aside from upgrading.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m738-3rc4-5xv3 | x_refsource_CONFIRM | |
https://jira.xwiki.org/browse/XWIKI-18276 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform |
Version: > 11.6RC1, < 12.6.8 Version: >= 12.10.0, < 12.10.4 |
|
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:33:55.568Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m738-3rc4-5xv3" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-18276" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e 11.6RC1, \u003c 12.6.8" }, { "status": "affected", "version": "\u003e= 12.10.0, \u003c 12.10.4" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A vulnerability exists in versions prior to 12.6.88, 12.10.4, and 13.0. The script service method used to reset the authentication failures record can be executed by any user with Script rights and does not require Programming rights. An attacher with script rights who is able to reset the authentication failure record might perform a brute force attack, since they would be able to virtually deactivate the mechanism introduced to mitigate those attacks. The problem has been patched in version 12.6.8, 12.10.4 and 13.0. There are no workarounds aside from upgrading." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-693", "description": "CWE-693: Protection Mechanism Failure", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-01T16:45:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m738-3rc4-5xv3" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-18276" } ], "source": { "advisory": "GHSA-m738-3rc4-5xv3", "discovery": "UNKNOWN" }, "title": "A user without PR can reset user authentication failures information", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32729", "STATE": "PUBLIC", "TITLE": "A user without PR can reset user authentication failures information" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e 11.6RC1, \u003c 12.6.8" }, { "version_value": "\u003e= 12.10.0, \u003c 12.10.4" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A vulnerability exists in versions prior to 12.6.88, 12.10.4, and 13.0. 
The script service method used to reset the authentication failures record can be executed by any user with Script rights and does not require Programming rights. An attacher with script rights who is able to reset the authentication failure record might perform a brute force attack, since they would be able to virtually deactivate the mechanism introduced to mitigate those attacks. The problem has been patched in version 12.6.8, 12.10.4 and 13.0. There are no workarounds aside from upgrading." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 2, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-693: Protection Mechanism Failure" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m738-3rc4-5xv3", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m738-3rc4-5xv3" }, { "name": "https://jira.xwiki.org/browse/XWIKI-18276", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-18276" } ] }, "source": { "advisory": "GHSA-m738-3rc4-5xv3", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32729", "datePublished": "2021-07-01T16:45:11", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:33:55.568Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-31167
Vulnerability from cvelistv5
Published
2022-09-07 13:55
Modified
2024-08-03 07:11
Summary
XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Starting with version 5.0 and prior to 12.10.11, 13.10.1, and 13.4.6, a bug in the security cache stores the rules associated with the document Page1.Page2 and the space Page1.Page2 in the same cache entry. This means it is possible to overwrite the rights of a space or a document by creating the page or space with the same name and having its rights checked first, so that they end up in the security cache and are then applied to the other one as well. The problem has been patched in XWiki 12.10.11, 13.10.1, and 13.4.6. There are no known workarounds.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gg53-wf5x-r3r6 | x_refsource_CONFIRM
https://jira.xwiki.org/browse/XWIKI-14075 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-18983 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 5.0, < 12.10.11; >= 13.0, < 13.4.6; >= 13.10, < 13.10.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T07:11:39.531Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gg53-wf5x-r3r6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-14075" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-18983" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 5.0, \u003c 12.10.11" }, { "status": "affected", "version": "\u003e= 13.0, \u003c 13.4.6" }, { "status": "affected", "version": "\u003e= 13.10, \u003c 13.10.1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Starting with version 5.0 and prior to 12.10.11, 13.10.1, and 13.4.6, a bug in the security cache stores rules associated to document Page1.Page2 and space Page1.Page2 in the same cache entry. That means that it\u0027s possible to overwrite the rights of a space or a document by creating the page of the space with the same name and checking the right of the new one first so that they end up in the security cache and are used for the other too. The problem has been patched in XWiki 12.10.11, 13.10.1, and 13.4.6. There are no known workarounds." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285: Improper Authorization", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-07T13:55:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gg53-wf5x-r3r6" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-14075" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-18983" } ], "source": { "advisory": "GHSA-gg53-wf5x-r3r6", "discovery": "UNKNOWN" }, "title": "XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-31167", "STATE": "PUBLIC", "TITLE": "XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e= 5.0, \u003c 12.10.11" }, { "version_value": "\u003e= 13.0, \u003c 13.4.6" }, { "version_value": "\u003e= 13.10, \u003c 13.10.1" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", 
"data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Starting with version 5.0 and prior to 12.10.11, 13.10.1, and 13.4.6, a bug in the security cache stores rules associated to document Page1.Page2 and space Page1.Page2 in the same cache entry. That means that it\u0027s possible to overwrite the rights of a space or a document by creating the page of the space with the same name and checking the right of the new one first so that they end up in the security cache and are used for the other too. The problem has been patched in XWiki 12.10.11, 13.10.1, and 13.4.6. There are no known workarounds." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-285: Improper Authorization" } ] }, { "description": [ { "lang": "eng", "value": "CWE-862: Missing Authorization" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gg53-wf5x-r3r6", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gg53-wf5x-r3r6" }, { "name": "https://jira.xwiki.org/browse/XWIKI-14075", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-14075" }, { "name": "https://jira.xwiki.org/browse/XWIKI-18983", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-18983" } ] }, "source": { "advisory": "GHSA-gg53-wf5x-r3r6", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", 
"assignerShortName": "GitHub_M", "cveId": "CVE-2022-31167", "datePublished": "2022-09-07T13:55:11", "dateReserved": "2022-05-18T00:00:00", "dateUpdated": "2024-08-03T07:11:39.531Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36090
Vulnerability from cvelistv5
Published
2022-09-08 14:45
Modified
2024-08-03 09:52
Summary
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 13.1.0.5 and 14.3-rc-1, some resources in XWiki, including the REST service, are missing a check for inactive (not yet activated or disabled) users. This means a disabled user can re-enable themselves using a REST call. In the same way, some resource handlers created by extensions are not protected by default, so an inactive user could perform actions through such extensions. This issue has existed since at least version 1.1 of XWiki for instances configured to require email activation for new users. It is more critical for versions 11.3-rc-1 and later, since the maintainers provided the capability to disable users without deleting them and encouraged using that feature. XWiki 14.3-rc-1 and XWiki 13.10.5 contain a patch. There is no workaround other than upgrading XWiki.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jgc8-gvcx-9vfx | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/e074d226d9b2b96a0a1ba4349d1b73a802842986 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-19559 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 1.1, < 13.10.5; >= 14.0, < 14.3-RC-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:52:00.501Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jgc8-gvcx-9vfx" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/e074d226d9b2b96a0a1ba4349d1b73a802842986" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19559" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 1.1, \u003c 13.10.5" }, { "status": "affected", "version": "\u003e= 14.0, \u003c 14.3-RC-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 13.1.0.5 and 14.3-rc-1, some resources are missing a check for inactive (not yet activated or disabled) users in XWiki, including the REST service. This means a disabled user can enable themselves using a REST call. On the same way some resources handler created by extensions are not protected by default, so an inactive user could perform actions for such extensions. This issue has existed since at least version 1.1 of XWiki for instance configured with the email activation required for new users. Now it\u0027s more critical for versions 11.3-rc-1 and later since the maintainers provided the capability to disable user without deleting them and encouraged using that feature. XWiki 14.3-rc-1 and XWiki 13.10.5 contain a patch. There is no workaround for this other than upgrading XWiki." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285: Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-08T14:45:13", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jgc8-gvcx-9vfx" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/e074d226d9b2b96a0a1ba4349d1b73a802842986" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19559" } ], "source": { "advisory": "GHSA-jgc8-gvcx-9vfx", "discovery": "UNKNOWN" }, "title": "org.xwiki.platform:xwiki-platform-oldcore Improper Authorization check for inactive users", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-36090", "STATE": "PUBLIC", "TITLE": "org.xwiki.platform:xwiki-platform-oldcore Improper Authorization check for inactive users" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e= 1.1, \u003c 13.10.5" }, { "version_value": "\u003e= 14.0, \u003c 14.3-RC-1" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. 
Prior to versions 13.1.0.5 and 14.3-rc-1, some resources are missing a check for inactive (not yet activated or disabled) users in XWiki, including the REST service. This means a disabled user can enable themselves using a REST call. On the same way some resources handler created by extensions are not protected by default, so an inactive user could perform actions for such extensions. This issue has existed since at least version 1.1 of XWiki for instance configured with the email activation required for new users. Now it\u0027s more critical for versions 11.3-rc-1 and later since the maintainers provided the capability to disable user without deleting them and encouraged using that feature. XWiki 14.3-rc-1 and XWiki 13.10.5 contain a patch. There is no workaround for this other than upgrading XWiki." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-285: Improper Authorization" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jgc8-gvcx-9vfx", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jgc8-gvcx-9vfx" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/e074d226d9b2b96a0a1ba4349d1b73a802842986", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/e074d226d9b2b96a0a1ba4349d1b73a802842986" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19559", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-19559" } ] }, "source": { "advisory": "GHSA-jgc8-gvcx-9vfx", "discovery": "UNKNOWN" } } } 
}, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-36090", "datePublished": "2022-09-08T14:45:13", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2024-08-03T09:52:00.501Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-29161
Vulnerability from cvelistv5
Published
2022-05-05 23:35
Modified
2024-08-03 06:10
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The XWiki Crypto API generates X509 certificates signed by default using SHA1 with RSA, which is no longer considered safe for use in certificate signatures because of the risk of SHA1 collisions. The problem has been patched in XWiki versions 13.10.6, 14.3.1 and 14.4-rc-1; since then, the Crypto API generates X509 certificates signed by default using SHA256 with RSA. Administrators are advised to upgrade their XWiki installation to one of the patched versions. If upgrading is not possible, the module xwiki-platform-crypto can be patched in a local installation by applying the change shown in commit 26728f3 and recompiling the module.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h8v5-p258-pqf4 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/26728f3f23658288683667a5182a916c7ecefc52 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-19676 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | < 13.10.6; >= 14.0.0, < 14.3.1; >= 14.4.0, < 14.4-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:10:59.434Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h8v5-p258-pqf4" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/26728f3f23658288683667a5182a916c7ecefc52" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19676" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 13.10.6" }, { "status": "affected", "version": "\u003e= 14.0.0, \u003c 14.3.1" }, { "status": "affected", "version": "\u003e= 14.4.0, \u003c 14.4-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The XWiki Crypto API will generate X509 certificates signed by default using SHA1 with RSA, which is not considered safe anymore for use in certificate signatures, due to the risk of collisions with SHA1. The problem has been patched in XWiki version 13.10.6, 14.3.1 and 14.4-rc-1. Since then, the Crypto API will generate X509 certificates signed by default using SHA256 with RSA. Administrators are advised to upgrade their XWiki installation to one of the patched versions. If the upgrade is not possible, it is possible to patch the module xwiki-platform-crypto in a local installation by applying the change exposed in 26728f3 and re-compiling the module." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-327", "description": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-05T23:35:28", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h8v5-p258-pqf4" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/26728f3f23658288683667a5182a916c7ecefc52" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19676" } ], "source": { "advisory": "GHSA-h8v5-p258-pqf4", "discovery": "UNKNOWN" }, "title": "Crypto script service uses hashing algorithm SHA1 with RSA for certificate signature in xwiki-platform", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-29161", "STATE": "PUBLIC", "TITLE": "Crypto script service uses hashing algorithm SHA1 with RSA for certificate signature in xwiki-platform" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003c 13.10.6" }, { "version_value": "\u003e= 14.0.0, \u003c 14.3.1" }, { "version_value": "\u003e= 14.4.0, \u003c 14.4-rc-1" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform is a generic wiki 
platform offering runtime services for applications built on top of it. The XWiki Crypto API will generate X509 certificates signed by default using SHA1 with RSA, which is not considered safe anymore for use in certificate signatures, due to the risk of collisions with SHA1. The problem has been patched in XWiki version 13.10.6, 14.3.1 and 14.4-rc-1. Since then, the Crypto API will generate X509 certificates signed by default using SHA256 with RSA. Administrators are advised to upgrade their XWiki installation to one of the patched versions. If the upgrade is not possible, it is possible to patch the module xwiki-platform-crypto in a local installation by applying the change exposed in 26728f3 and re-compiling the module." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-327: Use of a Broken or Risky Cryptographic Algorithm" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h8v5-p258-pqf4", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h8v5-p258-pqf4" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/26728f3f23658288683667a5182a916c7ecefc52", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/26728f3f23658288683667a5182a916c7ecefc52" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19676", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-19676" } ] }, "source": { "advisory": "GHSA-h8v5-p258-pqf4", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": 
"a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-29161", "datePublished": "2022-05-05T23:35:28", "dateReserved": "2022-04-13T00:00:00", "dateUpdated": "2024-08-03T06:10:59.434Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36094
Vulnerability from cvelistv5
Published
2022-09-08 20:10
Modified
2024-08-03 09:52
Summary
XWiki Platform Web Parent POM contains Web resources for the XWiki platform, a generic wiki platform. Starting with version 1.0 and prior to versions 13.10.6 and 14.30-rc-1, it is possible to store JavaScript in an attachment's name, which is then executed in the browser of anyone viewing that attachment's history. This issue has been patched in XWiki 13.10.6 and 14.3RC1. As a workaround, `viewattachrev.vm`, the entry point for this attack, can be replaced with the patched version from the fix without updating XWiki.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mxf2-4r22-5hq9 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/047ce9fa4a7c13f3883438aaf54fc50f287a7e8e | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-19612 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 1.0, < 13.10.6; >= 14.0, < 14.3-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:52:00.512Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mxf2-4r22-5hq9" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/047ce9fa4a7c13f3883438aaf54fc50f287a7e8e" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19612" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 1.0, \u003c 13.10.6" }, { "status": "affected", "version": "\u003e= 14.0, \u003c 14.3-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform Web Parent POM contains Web resources for the XWiki platform, a generic wiki platform. Starting with version 1.0 and prior to versions 13.10.6 and 14.30-rc-1, it\u0027s possible to store JavaScript which will be executed by anyone viewing the history of an attachment containing javascript in its name. This issue has been patched in XWiki 13.10.6 and 14.3RC1. As a workaround, it is possible to replace `viewattachrev.vm`, the entry point for this attack, by a patched version from the patch without updating XWiki." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-08T20:10:09", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mxf2-4r22-5hq9" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/047ce9fa4a7c13f3883438aaf54fc50f287a7e8e" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19612" } ], "source": { "advisory": "GHSA-mxf2-4r22-5hq9", "discovery": "UNKNOWN" }, "title": "XWiki Platform Web Parent POM vulnerable to XSS in the attachment history", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-36094", "STATE": "PUBLIC", "TITLE": "XWiki Platform Web Parent POM vulnerable to XSS in the attachment history" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e= 1.0, \u003c 13.10.6" }, { "version_value": "\u003e= 14.0, \u003c 14.3-rc-1" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": 
"CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform Web Parent POM contains Web resources for the XWiki platform, a generic wiki platform. Starting with version 1.0 and prior to versions 13.10.6 and 14.30-rc-1, it\u0027s possible to store JavaScript which will be executed by anyone viewing the history of an attachment containing javascript in its name. This issue has been patched in XWiki 13.10.6 and 14.3RC1. As a workaround, it is possible to replace `viewattachrev.vm`, the entry point for this attack, by a patched version from the patch without updating XWiki." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] }, { "description": [ { "lang": "eng", "value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mxf2-4r22-5hq9", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mxf2-4r22-5hq9" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/047ce9fa4a7c13f3883438aaf54fc50f287a7e8e", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/047ce9fa4a7c13f3883438aaf54fc50f287a7e8e" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19612", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-19612" } ] }, "source": { "advisory": "GHSA-mxf2-4r22-5hq9", 
"discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-36094", "datePublished": "2022-09-08T20:10:09", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2024-08-03T09:52:00.512Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-46978
Vulnerability from cvelistv5
Published
2024-09-18 17:25
Modified
2024-09-20 13:34
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who knows the ID of another user's notification filter preference can enable, disable or even delete it. The impact is that the targeted user may start losing notifications on some pages. This vulnerability has been present in XWiki since 13.2-rc-1 and has been patched in XWiki 14.10.21, 15.5.5, 15.10.1 and 16.0-rc-1. The patch consists of properly checking the rights of the user before performing any action on the filters. Users are advised to upgrade. It is possible to fix the vulnerability manually by editing the document `XWiki.Notifications.Code.NotificationPreferenceService` to apply the changes made in commit e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r95w-889q-x2gx | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20337 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 13.2-rc-1, < 14.10.21; >= 15.0.0, < 15.5.5; >= 15.6.0, < 15.10.1
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:xwiki:xwiki-platform:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "lessThanOrEqual": "14.10.21", "status": "affected", "version": "13.2-rc-1", "versionType": "custom" }, { "lessThanOrEqual": "15.5.5", "status": "affected", "version": "15.0.0", "versionType": "custom" }, { "lessThanOrEqual": "15.6.0", "status": "affected", "version": "15.10.1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-46978", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-09-20T13:34:23.555950Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-20T13:34:31.694Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 13.2-rc-1, \u003c 14.10.21" }, { "status": "affected", "version": "\u003e= 15.0.0, \u003c 15.5.5" }, { "status": "affected", "version": "\u003e= 15.6.0, \u003c 15.10.1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It\u0027s possible for any user knowing the ID of a notification filter preference of another user, to enable/disable it or even delete it. The impact is that the target user might start loosing notifications on some pages because of this. This vulnerability is present in XWiki since 13.2-rc-1. This vulnerability has been patched in XWiki 14.10.21, 15.5.5, 15.10.1, 16.0-rc-1. The patch consists in checking properly the rights of the user before performing any action on the filters. Users are advised to upgrade. 
It\u0027s possible to fix manually the vulnerability by editing the document `XWiki.Notifications.Code.NotificationPreferenceService` to apply the changes performed in commit e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-648", "description": "CWE-648: Incorrect Use of Privileged APIs", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-09-18T17:25:15.821Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r95w-889q-x2gx", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r95w-889q-x2gx" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/e8acc9d8e6af7dfbfe70716ded431642ae4a6dd4" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20337", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20337" } ], "source": { "advisory": "GHSA-r95w-889q-x2gx", "discovery": "UNKNOWN" }, "title": "Missing checks for notification filter preferences editions in XWiki Platform" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-46978", "datePublished": "2024-09-18T17:25:15.821Z", "dateReserved": "2024-09-16T16:10:09.017Z", "dateUpdated": "2024-09-20T13:34:31.694Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", 
"dataVersion": "5.1" }
cve-2022-41935
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2024-08-03 12:56
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users without the right to view documents can deduce their existence by repeated Livetable queries: the response is not properly cleaned up of obfuscated entries. The issue has been patched in XWiki 14.6RC1, 13.10.8, and 14.4.3. As a workaround, the patch for the document `XWiki.LiveTableResultsMacros` can be applied manually, or a XAR archive of a patched version can be imported, on versions 12.10.11, 13.9-rc-1, and 13.4.4. There are no known workarounds for this issue.
References
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 12.10.11, < 13.10.8; >= 14.0.0, < 14.4.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.587Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p2x4-6ghr-6vmq" }, { "tags": [ "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/1450b6e3c69ac7df25e5a2571186d1f43402facd#diff-5a739e5865b1f1ad9d79b724791be51b0095a0170cc078911c940478b13b949a" }, { "tags": [ "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19999" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 12.10.11, \u003c 13.10.8" }, { "status": "affected", "version": "\u003e= 14.0.0, \u003c 14.4.3" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users without the right to view documents can deduce their existence by repeated Livetable queries. The issue has been patched in XWiki 14.6RC1, 13.10.8, and 14.4.3, the response is not properly cleaned up of obfuscated entries. As a workaround, The patch for the document `XWiki.LiveTableResultsMacros` can be manually applied or a XAR archive of a patched version can be imported, on versions 12.10.11, 13.9-rc-1, and 13.4.4. There are no known workarounds for this issue." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-23T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p2x4-6ghr-6vmq" }, { "url": "https://github.com/xwiki/xwiki-platform/commit/1450b6e3c69ac7df25e5a2571186d1f43402facd#diff-5a739e5865b1f1ad9d79b724791be51b0095a0170cc078911c940478b13b949a" }, { "url": "https://jira.xwiki.org/browse/XWIKI-19999" } ], "source": { "advisory": "GHSA-p2x4-6ghr-6vmq", "discovery": "UNKNOWN" }, "title": "Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-livetable-ui" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-41935", "datePublished": "2022-11-23T00:00:00", "dateReserved": "2022-09-30T00:00:00", "dateUpdated": "2024-08-03T12:56:38.587Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-37899
Vulnerability from cvelistv5
Published
2024-06-20 22:13
Modified
2024-08-13 13:51
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user account, the user's profile is executed with the admin's rights. This allows a user to place malicious code in the user profile before getting an admin to disable the user account. To reproduce, as a user without script or programming rights, edit the about section of your user profile and add `{{groovy}}services.logging.getLogger("attacker").error("Hello from Groovy!"){{/groovy}}`.
As an admin, go to the user profile and click the "Disable this account" button. Then, reload the page. If the logs show `attacker - Hello from Groovy!` then the instance is vulnerable. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
### Workarounds
We're not aware of any workaround except upgrading.
### References
* https://jira.xwiki.org/browse/XWIKI-21611
* https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21611 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 13.4.7, <= 13.5; >= 13.10.3, < 14.10.21; >= 15.0-rc-1, < 15.5.5; >= 15.6-rc-1, < 15.10.6; >= 16.0.0-rc-1, < 16.0.0
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki", "vendor": "xwiki", "versions": [ { "lessThanOrEqual": "13.5", "status": "affected", "version": "13.4.7", "versionType": "custom" }, { "lessThanOrEqual": "14.10.21", "status": "affected", "version": "13.10.3", "versionType": "custom" }, { "lessThan": "15.5.5", "status": "affected", "version": "15.0-rc-1", "versionType": "custom" }, { "lessThan": "15.10.6", "status": "affected", "version": "15.6-rc-1,", "versionType": "custom" }, { "lessThan": "16.0.0", "status": "affected", "version": "16.0.0-rc-1,", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-37899", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-06-27T18:36:25.554418Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-13T13:51:01.754Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T04:04:23.403Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21611", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-21611" } ], "title": "CVE Program Container" } ], "cna": { "affected": 
[ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 13.4.7, \u003c= 13.5" }, { "status": "affected", "version": "\u003e= 13.10.3, \u003c 14.10.21" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.5.5" }, { "status": "affected", "version": "\u003e= 15.6-rc-1, \u003c 15.10.6" }, { "status": "affected", "version": "\u003e= 16.0.0-rc-1, \u003c 16.0.0" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user account, the user\u0027s profile is executed with the admin\u0027s rights. This allows a user to place malicious code in the user profile before getting an admin to disable the user account. To reproduce, as a user without script nor programming rights, edit the about section of your user profile and add `{{groovy}}services.logging.getLogger(\"attacker\").error(\"Hello from Groovy!\"){{/groovy}}`.\nAs an admin, go to the user profile and click the \"Disable this account\" button. Then, reload the page. If the logs show `attacker - Hello from Groovy!` then the instance is vulnerable. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0. Users are advised to upgrade. 
There are no known workarounds for this vulnerability.\n\n### Workarounds\nWe\u0027re not aware of any workaround except upgrading.\n\n### References\n* https://jira.xwiki.org/browse/XWIKI-21611\n* https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-06-20T22:13:59.450Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21611", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-21611" } ], "source": { "advisory": "GHSA-j584-j2vj-3f93", "discovery": "UNKNOWN" }, "title": "Disabling a user account changes its author, allowing RCE from user account in XWiki" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-37899", "datePublished": "2024-06-20T22:13:59.450Z", "dateReserved": 
"2024-06-10T19:54:41.362Z", "dateUpdated": "2024-08-13T13:51:01.754Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-34466
Vulnerability from cvelistv5
Published
2023-06-23 15:26
Modified
2024-11-29 14:36
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.0-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, tags from pages not viewable to the current user are leaked by the tags API. This information can also be exploited to infer the document reference of non-viewable pages. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7f2f-pcv3-j2r7 | x_refsource_CONFIRM
https://jira.xwiki.org/browse/XWIKI-20002 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 5.0-milestone-1, < 14.4.8; >= 14.5, < 14.10.4
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:10:07.164Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7f2f-pcv3-j2r7", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7f2f-pcv3-j2r7" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20002", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20002" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-34466", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-29T14:36:19.667621Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-29T14:36:27.432Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 5.0-milestone-1, \u003c 14.4.8" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.10.4" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.0-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, tags from pages not viewable to the current user are leaked by the tags API. This information can also be exploited to infer the document reference of non-viewable pages. 
This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0-rc-1.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-23T15:26:11.453Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7f2f-pcv3-j2r7", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7f2f-pcv3-j2r7" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20002", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20002" } ], "source": { "advisory": "GHSA-7f2f-pcv3-j2r7", "discovery": "UNKNOWN" }, "title": "XWiki Platform\u0027s tags on non-viewable pages can be revealed to users" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-34466", "datePublished": "2023-06-23T15:26:11.453Z", "dateReserved": "2023-06-06T16:16:53.560Z", "dateUpdated": "2024-11-29T14:36:27.432Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26476
Vulnerability from cvelistv5
Published
2023-03-02 18:02
Modified
2024-08-02 11:53
Summary
XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of password fields by repeated calls to `LiveTableResults` and `WikisLiveTableResultsMacros`. The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, or 13.10.9 and higher, or, in versions >= 3.2M3, by applying the patch manually to `LiveTableResults` and `WikisLiveTableResultsMacros`.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5cf8-vrr8-8hjm | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/7f8825537c9523ccb5051abd78014d156f9791c8 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-19949 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 3.2-m3, < 13.4.4; >= 13.5.0, < 13.10.9; >= 14.0.0, < 14.7-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:53:52.948Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5cf8-vrr8-8hjm", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5cf8-vrr8-8hjm" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/7f8825537c9523ccb5051abd78014d156f9791c8", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/7f8825537c9523ccb5051abd78014d156f9791c8" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19949", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19949" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 3.2-m3, \u003c 13.4.4" }, { "status": "affected", "version": "\u003e= 13.5.0, \u003c 13.10.9" }, { "status": "affected", "version": "\u003e= 14.0.0, \u003c 14.7-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 3.2-m3, users can deduce the content of the password fields by repeated call to `LiveTableResults` and `WikisLiveTableResultsMacros`. The issue can be fixed by upgrading to versions 14.7-rc-1, 13.4.4, or 13.10.9 and higher, or in version \u003e= 3.2M3 by applying the patch manually on `LiveTableResults` and `WikisLiveTableResultsMacros`." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-02T18:02:20.328Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5cf8-vrr8-8hjm", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5cf8-vrr8-8hjm" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/7f8825537c9523ccb5051abd78014d156f9791c8", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/7f8825537c9523ccb5051abd78014d156f9791c8" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19949", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19949" } ], "source": { "advisory": "GHSA-5cf8-vrr8-8hjm", "discovery": "UNKNOWN" }, "title": "Two XWiki Platform UIs Expose Sensitive Information to an Unauthorized Actor" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-26476", "datePublished": "2023-03-02T18:02:20.328Z", "dateReserved": "2023-02-23T23:22:58.573Z", "dateUpdated": "2024-08-02T11:53:52.948Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-24819
Vulnerability from cvelistv5
Published
2022-04-08 19:20
Modified
2024-08-03 04:20
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-97jg-43c9-q6pf | x_refsource_CONFIRM
https://jira.xwiki.org/browse/XWIKI-18850 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | < 4.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:20:50.525Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-97jg-43c9-q6pf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-18850" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 4.3" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-359", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-08T19:20:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-97jg-43c9-q6pf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-18850" } ], "source": { "advisory": "GHSA-97jg-43c9-q6pf", "discovery": "UNKNOWN" }, "title": "Unauthenticated user can retrieve the list of users through uorgsuggest.vm", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-24819", "STATE": "PUBLIC", "TITLE": "Unauthenticated user can retrieve the list of users through uorgsuggest.vm" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003c 4.3" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents related to users of the wiki. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. 
There is no known workaround for this problem." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-97jg-43c9-q6pf", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-97jg-43c9-q6pf" }, { "name": "https://jira.xwiki.org/browse/XWIKI-18850", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-18850" } ] }, "source": { "advisory": "GHSA-97jg-43c9-q6pf", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-24819", "datePublished": "2022-04-08T19:20:10", "dateReserved": "2022-02-10T00:00:00", "dateUpdated": "2024-08-03T04:20:50.525Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-21648
Vulnerability from cvelistv5
Published
2024-01-08 23:31
Modified
2024-08-01 22:27
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a rights check: a user can roll back to a previous version of a page to regain rights they no longer have. The problem has been patched in XWiki 14.10.17, 15.5.3 and 15.8-rc-1 by ensuring that the rights are checked before performing the rollback.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xh35-w7wg-95v3 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/4de72875ca49602796165412741033bfdbf1e680 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21257 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 1.0, < 14.10.17; >= 15.0-rc-1, < 15.5.3; >= 15.6-rc-1, < 15.8-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T22:27:35.707Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xh35-w7wg-95v3", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xh35-w7wg-95v3" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/4de72875ca49602796165412741033bfdbf1e680", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/4de72875ca49602796165412741033bfdbf1e680" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21257", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-21257" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 1.0, \u003c 14.10.17" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.5.3" }, { "status": "affected", "version": "\u003e= 15.6-rc-1, \u003c 15.8-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The rollback action is missing a right protection, a user can rollback to a previous version of the page to gain rights they don\u0027t have anymore. The problem has been patched in XWiki 14.10.17, 15.5.3 and 15.8-rc-1 by ensuring that the rights are checked before performing the rollback. 
" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-274", "description": "CWE-274: Improper Handling of Insufficient Privileges", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-08T23:31:50.298Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xh35-w7wg-95v3", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xh35-w7wg-95v3" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/4de72875ca49602796165412741033bfdbf1e680", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/4de72875ca49602796165412741033bfdbf1e680" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21257", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-21257" } ], "source": { "advisory": "GHSA-xh35-w7wg-95v3", "discovery": "UNKNOWN" }, "title": "XWiki has no right protection on rollback action" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-21648", "datePublished": "2024-01-08T23:31:50.298Z", "dateReserved": "2023-12-29T16:10:20.366Z", "dateUpdated": "2024-08-01T22:27:35.707Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-32068
Vulnerability from cvelistv5
Published
2023-05-15 20:53
Modified
2024-08-02 15:03
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 14.10.4 it is possible to exploit well-known parameters in XWiki URLs to perform a redirection to an untrusted site. This vulnerability was partially fixed in the past for XWiki 12.10.7 and 13.3RC1, but it is still possible to force specific URLs to skip some checks; for example, a value like `http:example.com` in the parameter would still allow the redirect. The issue has now been patched against all patterns known to perform redirects. This issue has been patched in XWiki 14.10.4 and 15.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6gvj-8vc5-8v3j | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/e4f7f68e93cb08c25632c126356d218abf192d1e | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20096 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20549 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | < 14.10.4
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:03:29.073Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6gvj-8vc5-8v3j", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6gvj-8vc5-8v3j" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/e4f7f68e93cb08c25632c126356d218abf192d1e", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/e4f7f68e93cb08c25632c126356d218abf192d1e" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20096", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20096" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20549", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20549" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 14.10.4" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 14.10.4 it\u0027s possible to exploit well known parameters in XWiki URLs to perform redirection to untrusted site. This vulnerability was partially fixed in the past for XWiki 12.10.7 and 13.3RC1 but there is still the possibility to force specific URLs to skip some checks, e.g. using URLs like `http:example.com` in the parameter would allow the redirect. The issue has now been patched against all patterns that are known for performing redirects. This issue has been patched in XWiki 14.10.4 and 15.0. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-601", "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-15T20:53:09.228Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6gvj-8vc5-8v3j", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6gvj-8vc5-8v3j" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/e4f7f68e93cb08c25632c126356d218abf192d1e", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/e4f7f68e93cb08c25632c126356d218abf192d1e" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20096", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20096" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20549", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20549" } ], "source": { "advisory": "GHSA-6gvj-8vc5-8v3j", "discovery": "UNKNOWN" }, "title": "URL Redirection to Untrusted Site in XWiki" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-32068", "datePublished": "2023-05-15T20:53:09.228Z", "dateReserved": "2023-05-01T16:47:35.314Z", "dateUpdated": "2024-08-02T15:03:29.073Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-48240
Vulnerability from cvelistv5
Published
2023-11-20 17:48
Modified
2024-08-02 21:23
Summary
XWiki Platform is a generic wiki platform. The rendered diff in XWiki embeds images so that it can compare their contents and not display a difference for an image that is actually unchanged. For this, XWiki requests all embedded images on the server side. These requests are also sent for images from other domains and include all cookies that were sent in the original request, to ensure that images with restricted view right can be compared. Starting in version 11.10.1 and prior to versions 14.10.15, 15.5.1, and 15.6, this allows an attacker to steal login and session cookies that allow impersonating the current user who views the diff. The attack can be triggered with an image that references the rendered diff, thus making it easy to trigger. Apart from stealing login cookies, this also allows server-side request forgery (the result of any successful request is returned in the image's source) and viewing protected content, since once a resource is cached it is returned for all users. As only successful requests are cached, the cache will be filled by the first user who is allowed to access the resource. This has been patched in XWiki 14.10.15, 15.5.1 and 15.6. The rendered diff now only downloads images from trusted domains. Further, cookies are only sent when the image's domain is the same as the requested domain. The cache has been changed to be specific to each user. As a workaround, the image embedding feature can be disabled by deleting `xwiki-platform-diff-xml-<version>.jar` in `WEB-INF/lib/`.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7rfg-6273-f5wp | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/bff0203e739b6e3eb90af5736f04278c73c2a8bb | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20818 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 11.10.1, < 14.10.15
xwiki | xwiki-platform | >= 15.0-rc-1, < 15.5.1
xwiki | xwiki-platform | >= 15.6-rc-1, < 15.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T21:23:39.265Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7rfg-6273-f5wp", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7rfg-6273-f5wp" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/bff0203e739b6e3eb90af5736f04278c73c2a8bb", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/bff0203e739b6e3eb90af5736f04278c73c2a8bb" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20818", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20818" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 11.10.1, \u003c 14.10.15" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.5.1" }, { "status": "affected", "version": "\u003e= 15.6-rc-1, \u003c 15.6" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. The rendered diff in XWiki embeds images to be able to compare the contents and not display a difference for an actually unchanged image. For this, XWiki requests all embedded images on the server side. These requests are also sent for images from other domains and include all cookies that were sent in the original request to ensure that images with restricted view right can be compared. Starting in version 11.10.1 and prior to versions 14.10.15, 15.5.1, and 15.6, this allows an attacker to steal login and session cookies that allow impersonating the current user who views the diff. The attack can be triggered with an image that references the rendered diff, thus making it easy to trigger. 
Apart from stealing login cookies, this also allows server-side request forgery (the result of any successful request is returned in the image\u0027s source) and viewing protected content as once a resource is cached, it is returned for all users. As only successful requests are cached, the cache will be filled by the first user who is allowed to access the resource. This has been patched in XWiki 14.10.15, 15.5.1 and 15.6. The rendered diff now only downloads images from trusted domains. Further, cookies are only sent when the image\u0027s domain is the same the requested domain. The cache has been changed to be specific for each user. As a workaround, the image embedding feature can be disabled by deleting `xwiki-platform-diff-xml-\u003cversion\u003e.jar` in `WEB-INF/lib/`." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-201", "description": "CWE-201: Insertion of Sensitive Information Into Sent Data", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-281", "description": "CWE-281: Improper Preservation of Permissions", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-918", "description": "CWE-918: Server-Side Request Forgery (SSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-20T17:48:03.447Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7rfg-6273-f5wp", "tags": [ "x_refsource_CONFIRM" ], "url": 
"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7rfg-6273-f5wp" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/bff0203e739b6e3eb90af5736f04278c73c2a8bb", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/bff0203e739b6e3eb90af5736f04278c73c2a8bb" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20818", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20818" } ], "source": { "advisory": "GHSA-7rfg-6273-f5wp", "discovery": "UNKNOWN" }, "title": "XWiki Platform sends cookies to external images in rendered diff and is vulnerable to server side request forgery" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-48240", "datePublished": "2023-11-20T17:48:03.447Z", "dateReserved": "2023-11-13T13:25:18.482Z", "dateUpdated": "2024-08-02T21:23:39.265Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35166
Vulnerability from cvelistv5
Published
2023-06-20 19:29
Modified
2024-12-06 21:35
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to execute any wiki content with the rights of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5.
References
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 8.1-milestone-1, < 14.10.5
xwiki | xwiki-platform | >= 15.0-rc-1, < 15.1-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:23:59.544Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h7cw-44vp-jq7h", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h7cw-44vp-jq7h" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/98208c5bb1e8cdf3ff1ac35d8b3d1cb3c28b3263#diff-4e3467d2ef3871a68b2f910e67cf84531751b32e0126321be83c0f1ed5d90b29L176-R178", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/98208c5bb1e8cdf3ff1ac35d8b3d1cb3c28b3263#diff-4e3467d2ef3871a68b2f910e67cf84531751b32e0126321be83c0f1ed5d90b29L176-R178" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20281", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20281" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35166", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-06T21:35:23.392629Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-06T21:35:31.737Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 8.1-milestone-1, \u003c 14.10.5" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.1-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It\u0027s possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. 
This has been patched in XWiki 15.1-rc-1 and 14.10.5.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-20T19:29:51.912Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h7cw-44vp-jq7h", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h7cw-44vp-jq7h" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/98208c5bb1e8cdf3ff1ac35d8b3d1cb3c28b3263#diff-4e3467d2ef3871a68b2f910e67cf84531751b32e0126321be83c0f1ed5d90b29L176-R178", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/98208c5bb1e8cdf3ff1ac35d8b3d1cb3c28b3263#diff-4e3467d2ef3871a68b2f910e67cf84531751b32e0126321be83c0f1ed5d90b29L176-R178" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20281", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20281" } ], "source": { "advisory": "GHSA-h7cw-44vp-jq7h", "discovery": "UNKNOWN" }, "title": "Privilege escalation (PR) from account through TipsPanel" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-35166", "datePublished": "2023-06-20T19:29:51.912Z", "dateReserved": "2023-06-14T14:17:52.179Z", "dateUpdated": "2024-12-06T21:35:31.737Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26056
Vulnerability from cvelistv5
Published
2023-03-02 18:44
Modified
2024-08-02 11:39
Summary
XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it is possible to execute a script with the rights of another user, provided that the target user does not have programming rights. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known workarounds for this issue.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-859x-p6jp-rc2w | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/4b75f212c2dd2dfc5fb5726c7830c6dbc9a425c6 | x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/bd34ad6710ed72304304a3d5fec38b7cc050ef3b | x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/dd3f4735b41971b3afc3f3aedf6664b4e8be4894 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-19856 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 3.0-milestone-1, < 13.10.10
xwiki | xwiki-platform | >= 14.0-rc-1, < 14.4.5
xwiki | xwiki-platform | >= 14.5, < 14.8-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:39:06.564Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-859x-p6jp-rc2w", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-859x-p6jp-rc2w" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/4b75f212c2dd2dfc5fb5726c7830c6dbc9a425c6", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/4b75f212c2dd2dfc5fb5726c7830c6dbc9a425c6" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/bd34ad6710ed72304304a3d5fec38b7cc050ef3b", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/bd34ad6710ed72304304a3d5fec38b7cc050ef3b" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/dd3f4735b41971b3afc3f3aedf6664b4e8be4894", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/dd3f4735b41971b3afc3f3aedf6664b4e8be4894" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19856", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19856" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 3.0-milestone-1, \u003c 13.10.10" }, { "status": "affected", "version": "\u003e= 14.0-rc-1, \u003c 14.4.5" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.8-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it\u0027s possible to execute a script with the right of another user, provided the target user does not have programming right. 
The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known workarounds for this issue." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-02T18:44:00.363Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-859x-p6jp-rc2w", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-859x-p6jp-rc2w" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/4b75f212c2dd2dfc5fb5726c7830c6dbc9a425c6", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/4b75f212c2dd2dfc5fb5726c7830c6dbc9a425c6" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/bd34ad6710ed72304304a3d5fec38b7cc050ef3b", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/bd34ad6710ed72304304a3d5fec38b7cc050ef3b" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/dd3f4735b41971b3afc3f3aedf6664b4e8be4894", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/dd3f4735b41971b3afc3f3aedf6664b4e8be4894" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19856", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19856" } ], "source": { "advisory": "GHSA-859x-p6jp-rc2w", "discovery": "UNKNOWN" }, "title": "XWiki Platform allows macro execution as any 
user without programming rights through the context macro" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-26056", "datePublished": "2023-03-02T18:44:00.363Z", "dateReserved": "2023-02-17T22:44:03.151Z", "dateUpdated": "2024-08-02T11:39:06.564Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29203
Vulnerability from cvelistv5
Published
2023-04-15 15:17
Modified
2024-08-02 14:00
Summary
XWiki Commons is a set of technical libraries common to several other top-level XWiki projects. It is possible to list some users who are normally not viewable from a subwiki by requesting users, via `uorgsuggest.vm`, on a subwiki that allows only global users. This issue only concerns hidden users from the main wiki. Note that the disclosed information is the username and the first and last name of the users; no other information is leaked. The problem has been patched in XWiki 13.10.8, 14.4.3 and 14.7RC1.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vvp7-r422-rx83 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/pull/1883 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20007 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 13.9-rc-1, < 13.10.8
xwiki | xwiki-platform | >= 14.0-rc-1, < 14.4.3
xwiki | xwiki-platform | >= 14.5, < 14.7-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:15.864Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vvp7-r422-rx83", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vvp7-r422-rx83" }, { "name": "https://github.com/xwiki/xwiki-platform/pull/1883", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/pull/1883" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20007", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20007" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 13.9-rc-1, \u003c 13.10.8" }, { "status": "affected", "version": "\u003e= 14.0-rc-1, \u003c 14.4.3" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.7-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Commons are technical libraries common to several other top level XWiki projects. It\u0027s possible to list some users who are normally not viewable from subwiki by requesting users on a subwiki which allows only global users with `uorgsuggest.vm`. This issue only concerns hidden users from main wiki. Note that the disclosed information are the username and the first and last name of users, no other information is leaked. The problem has been patched on XWiki 13.10.8, 14.4.3 and 14.7RC1. 
\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.7, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-359", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-15T15:17:46.895Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vvp7-r422-rx83", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vvp7-r422-rx83" }, { "name": "https://github.com/xwiki/xwiki-platform/pull/1883", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/pull/1883" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20007", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20007" } ], "source": { "advisory": "GHSA-vvp7-r422-rx83", "discovery": "UNKNOWN" }, "title": "Unauthenticated user can have information about hidden users on subwikis through uorgsuggest.vm " } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29203", "datePublished": "2023-04-15T15:17:46.895Z", "dateReserved": "2023-04-03T13:37:18.454Z", "dateUpdated": "2024-08-02T14:00:15.864Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45136
Vulnerability from cvelistv5
Published
2023-10-25 19:36
Modified
2024-09-10 14:37
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy (disabled by default), XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflected cross-site scripting attack in the page creation form. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link. Depending on the rights of the user, this may allow remote code execution and full read and write access to the whole XWiki installation. This has been patched in XWiki 14.10.12 and 15.5-rc-1 by adding appropriate escaping. The vulnerable template file `createinline.vm` is part of XWiki's WAR and can be patched by manually applying the changes from the fix.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qcj9-gcpg-4w2w | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/ba56fda175156dd35035f2b8c86cbd8ef1f90c2e | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20854 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 12.0-rc-1, < 14.10.12
xwiki | xwiki-platform | >= 15.0-rc-1, < 15.5-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.821Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qcj9-gcpg-4w2w", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qcj9-gcpg-4w2w" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/ba56fda175156dd35035f2b8c86cbd8ef1f90c2e", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/ba56fda175156dd35035f2b8c86cbd8ef1f90c2e" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20854", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20854" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:xwiki:xwiki-platform:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "lessThan": "14.10.12", "status": "affected", "version": "12.0-rc-1", "versionType": "custom" }, { "lessThan": "15.5-rc-1", "status": "affected", "version": "5.0-rc-1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-45136", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T14:34:46.099372Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-10T14:37:35.814Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 12.0-rc-1, \u003c 14.10.12" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.5-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform 
is a generic wiki platform offering runtime services for applications built on top of it. When document names are validated according to a name strategy (disabled by default), XWiki starting in version 12.0-rc-1 and prior to versions 12.10.12 and 15.5-rc-1 is vulnerable to a reflected cross-site scripting attack in the page creation form. This allows an attacker to execute arbitrary actions with the rights of the user opening the malicious link. Depending on the rights of the user, this may allow remote code execution and full read and write access to the whole XWiki installation. This has been patched in XWiki 14.10.12 and 15.5-rc-1 by adding appropriate escaping. The vulnerable template file `createinline.vm` is part of XWiki\u0027s WAR and can be patched by manually applying the changes from the fix." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.7, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-25T19:36:26.561Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qcj9-gcpg-4w2w", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qcj9-gcpg-4w2w" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/ba56fda175156dd35035f2b8c86cbd8ef1f90c2e", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/xwiki/xwiki-platform/commit/ba56fda175156dd35035f2b8c86cbd8ef1f90c2e" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20854", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20854" } ], "source": { "advisory": "GHSA-qcj9-gcpg-4w2w", "discovery": "UNKNOWN" }, "title": "XWiki Platform web templates vulnerable to reflected XSS in the create document form if name validation is enabled" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-45136", "datePublished": "2023-10-25T19:36:26.561Z", "dateReserved": "2023-10-04T16:02:46.329Z", "dateUpdated": "2024-09-10T14:37:35.814Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-21651
Vulnerability from cvelistv5
Published
2024-01-08 23:30
Modified
2024-08-01 22:27
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file with manipulated file modification time headers, which, when parsed by Tika, could cause a denial of service through CPU consumption. This vulnerability has been patched in XWiki 14.10.18, 15.5.3 and 15.8 RC1.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8959-rfxh-r4j4 | x_refsource_CONFIRM
https://jira.xwiki.org/browse/XCOMMONS-2796 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 14.10, < 14.10.18; >= 15.0-rc-1, < 15.5.3; >= 15.6-rc-1, < 15.8-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-01T22:27:36.137Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8959-rfxh-r4j4", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8959-rfxh-r4j4" }, { "name": "https://jira.xwiki.org/browse/XCOMMONS-2796", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XCOMMONS-2796" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 14.10, \u003c 14.10.18" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.5.3" }, { "status": "affected", "version": "\u003e= 15.6-rc-1, \u003c 15.8-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file by manipulating file modification times headers, which when parsed by Tika, could cause a denial of service issue via CPU consumption. 
This vulnerability has been patched in XWiki 14.10.18, 15.5.3 and 15.8 RC1.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-01-08T23:30:03.580Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8959-rfxh-r4j4", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8959-rfxh-r4j4" }, { "name": "https://jira.xwiki.org/browse/XCOMMONS-2796", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XCOMMONS-2796" } ], "source": { "advisory": "GHSA-8959-rfxh-r4j4", "discovery": "UNKNOWN" }, "title": "XWiki Denial of Service attack through attachments" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-21651", "datePublished": "2024-01-08T23:30:03.580Z", "dateReserved": "2023-12-29T16:10:20.366Z", "dateUpdated": "2024-08-01T22:27:36.137Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23616
Vulnerability from cvelistv5
Published
2022-02-09 20:55
Modified
2024-08-03 03:51
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it is possible for an unprivileged user to achieve remote code execution by injecting a Groovy script into their own profile and then invoking the Reset password feature, because that feature saves the user profile with programming rights in the impacted versions of XWiki. The issue has been patched in XWiki 13.1RC1. There are two possible workarounds, each consisting of modifying the XWiki/ResetPassword page:
1. The Reset password feature can be disabled entirely by deleting the XWiki/ResetPassword page.
2. The script in XWiki/ResetPassword can be modified or removed: an administrator can replace it with a simple email contact for asking an administrator to reset the password.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mgjw-2wrp-r535 | x_refsource_CONFIRM
https://jira.xwiki.org/browse/XWIKI-16661 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | > 3.1M1, < 13.1RC1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:51:45.476Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mgjw-2wrp-r535" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-16661" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e 3.1M1, \u003c 13.1RC1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it\u0027s possible for an unprivileged user to perform a remote code execution by injecting a groovy script in her own profile and by calling the Reset password feature since the feature is performing a save of the user profile with programming rights in the impacted versions of XWiki. The issue has been patched in XWiki 13.1RC1. There are two different possible workarounds, each consisting of modifying the XWiki/ResetPassword page. 1. The Reset password feature can be entirely disabled by deleting the XWiki/ResetPassword page. 2. The script in XWiki/ResetPassword can also be modified or removed: an administrator can replace it with a simple email contact to ask an administrator to reset the password." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-09T20:55:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mgjw-2wrp-r535" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-16661" } ], "source": { "advisory": "GHSA-mgjw-2wrp-r535", "discovery": "UNKNOWN" }, "title": "Remote code execution in xwiki-platform", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-23616", "STATE": "PUBLIC", "TITLE": "Remote code execution in xwiki-platform" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e 3.1M1, \u003c 13.1RC1" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. 
In affected versions it\u0027s possible for an unprivileged user to perform a remote code execution by injecting a groovy script in her own profile and by calling the Reset password feature since the feature is performing a save of the user profile with programming rights in the impacted versions of XWiki. The issue has been patched in XWiki 13.1RC1. There are two different possible workarounds, each consisting of modifying the XWiki/ResetPassword page. 1. The Reset password feature can be entirely disabled by deleting the XWiki/ResetPassword page. 2. The script in XWiki/ResetPassword can also be modified or removed: an administrator can replace it with a simple email contact to ask an administrator to reset the password." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mgjw-2wrp-r535", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mgjw-2wrp-r535" }, { "name": "https://jira.xwiki.org/browse/XWIKI-16661", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-16661" } ] }, "source": { "advisory": "GHSA-mgjw-2wrp-r535", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-23616", "datePublished": "2022-02-09T20:55:10", "dateReserved": "2022-01-19T00:00:00", 
"dateUpdated": "2024-08-03T03:51:45.476Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-24820
Vulnerability from cvelistv5
Published
2022-04-08 19:25
Modified
2024-08-03 04:20
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering some Velocity documents. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qpp2-2mcp-2wm5 | x_refsource_CONFIRM
https://jira.xwiki.org/browse/XWIKI-16544 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | < 8.4.5, < 10.11.8, < 11.3.1, < 13.6-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:20:50.541Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qpp2-2mcp-2wm5" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-16544" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 8.4.5, \u003c 10.11.8, \u003c 11.3.1, \u003c 13.6-rc-1 " } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-359", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-08T19:25:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qpp2-2mcp-2wm5" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-16544" } ], "source": { "advisory": "GHSA-qpp2-2mcp-2wm5", "discovery": "UNKNOWN" }, "title": "Unauthenticated user can list hidden document from multiple velocity templates", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-24820", "STATE": "PUBLIC", "TITLE": "Unauthenticated user can list hidden document from multiple velocity templates" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003c 8.4.5, \u003c 10.11.8, \u003c 11.3.1, \u003c 13.6-rc-1 " } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A guest user without the right to view pages of the wiki can still list documents by rendering some velocity documents. 
The problem has been patched in XWiki versions 12.10.11, 13.4.4, and 13.9-rc-1. There is no known workaround for this problem." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qpp2-2mcp-2wm5", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qpp2-2mcp-2wm5" }, { "name": "https://jira.xwiki.org/browse/XWIKI-16544", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-16544" } ] }, "source": { "advisory": "GHSA-qpp2-2mcp-2wm5", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-24820", "datePublished": "2022-04-08T19:25:10", "dateReserved": "2022-02-10T00:00:00", "dateUpdated": "2024-08-03T04:20:50.541Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45135
Vulnerability from cvelistv5
Published
2023-10-25 19:29
Modified
2024-09-10 14:41
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In `org.xwiki.platform:xwiki-platform-web` versions 7.2-milestone-2 until 14.10.12 and `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.12 and 15.5-rc-1, it is possible to pass a title to the page creation action that is not displayed at first but is then executed in the second step. An attacker can use this to trick a victim into executing code, allowing script execution if the victim has script right, or remote code execution including full access to the XWiki instance if the victim has programming right.
For the attack to work, the attacker needs to convince the victim to visit a link like `<xwiki-host>/xwiki/bin/create/NonExistingSpace/WebHome?title=$services.logging.getLogger(%22foo%22).error(%22Script%20executed!%22)`, where `<xwiki-host>` is the URL of the wiki installation, and then to click the "Create" button on that page. The page looks like the regular XWiki page the victim would also see when clicking the button to create a page that doesn't exist yet; the malicious code is not displayed anywhere on it. After clicking the "Create" button, the malicious title is displayed, but by that point the code has already been executed, and the attacker could also use it to hide the attack, e.g., by redirecting the victim back to the same page with an innocent title. It thus seems plausible that this attack could work if the attacker can place a fake "create page" button on a page, which is possible with edit right.
This has been patched in `org.xwiki.platform:xwiki-platform-web` version 14.10.12 and `org.xwiki.platform:xwiki-platform-web-templates` versions 14.10.12 and 15.5-rc-1 by displaying the title already in the first step, so that the victim can notice the attack before continuing. It is possible to manually patch the modified files from the fix in an existing installation. For the JavaScript change, the minified JavaScript file would need to be obtained from a build of XWiki and replaced accordingly.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-ghf6-2f42-mjh9 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/199e27ce7016757e66fa7cea99e718044a1b639b | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20869 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 7.2-milestone-2, < 14.10.12; >= 15.0-rc-1, < 15.5-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.528Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-ghf6-2f42-mjh9", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-ghf6-2f42-mjh9" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/199e27ce7016757e66fa7cea99e718044a1b639b", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/199e27ce7016757e66fa7cea99e718044a1b639b" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20869", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20869" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:xwiki:xwiki-platform:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "lessThan": "14.10.12", "status": "affected", "version": "7.2-milestone-2", "versionType": "custom" }, { "lessThan": "15.5-rc-1", "status": "affected", "version": "15.0-rc-1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-45135", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T14:38:48.320503Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-10T14:41:32.479Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 7.2-milestone-2, \u003c 14.10.12" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.5-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": 
"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In `org.xwiki.platform:xwiki-platform-web` versions 7.2-milestone-2 until 14.10.12 and `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.12 and 15.5-rc-1, it is possible to pass a title to the page creation action that isn\u0027t displayed at first but then executed in the second step. This can be used by an attacker to trick a victim to execute code, allowing script execution if the victim has script right or remote code execution including full access to the XWiki instance if the victim has programming right.\n\nFor the attack to work, the attacker needs to convince the victim to visit a link like `\u003cxwiki-host\u003e/xwiki/bin/create/NonExistingSpace/WebHome?title=$services.logging.getLogger(%22foo%22).error(%22Script%20executed!%22)` where `\u003cxwiki-host\u003e` is the URL of the Wiki installation and to then click on the \"Create\" button on that page. The page looks like a regular XWiki page that the victim would also see when clicking the button to create a page that doesn\u0027t exist yet, the malicious code is not displayed anywhere on that page. After clicking the \"Create\" button, the malicious title would be displayed but at this point, the code has already been executed and the attacker could use this code also to hide the attack, e.g., by redirecting the victim again to the same page with an innocent title. It thus seems plausible that this attack could work if the attacker can place a fake \"create page\" button on a page which is possible with edit right.\n\nThis has been patched in `org.xwiki.platform:xwiki-platform-web` version 14.10.12 and `org.xwiki.platform:xwiki-platform-web-templates` versions 14.10.12 and 15.5-rc-1 by displaying the title already in the first step such that the victim can notice the attack before continuing. 
It is possible to manually patch the modified files from the patch in an existing installation. For the JavaScript change, the minified JavaScript file would need to be obtained from a build of XWiki and replaced accordingly." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-116", "description": "CWE-116: Improper Encoding or Escaping of Output", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-25T19:29:04.882Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-ghf6-2f42-mjh9", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-ghf6-2f42-mjh9" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/199e27ce7016757e66fa7cea99e718044a1b639b", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/199e27ce7016757e66fa7cea99e718044a1b639b" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20869", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20869" } ], "source": { "advisory": "GHSA-ghf6-2f42-mjh9", "discovery": "UNKNOWN" }, "title": "XWiki users can be tricked to execute scripts as the create page action doesn\u0027t display the page\u0027s title" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-45135", "datePublished": "2023-10-25T19:29:04.882Z", "dateReserved": "2023-10-04T16:02:46.329Z", "dateUpdated": 
"2024-09-10T14:41:32.479Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41930
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2024-08-03 12:56
Summary
org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow a disabled user to re-enable themselves, or an attacker to disable any user of the wiki. The problem has been patched in XWiki 13.10.7, 14.5RC1 and 14.4.2. Workarounds: the problem can be patched immediately by editing the page `XWiki.XWikiUserProfileSheet` in the wiki and applying the changes contained in https://github.com/xwiki/xwiki-platform/commit/5be1cc0adf917bf10899c47723fa451e950271fa.
References
URL
---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p5v9-g8w8-5q4v
https://github.com/xwiki/xwiki-platform/commit/5be1cc0adf917bf10899c47723fa451e950271fa
https://jira.xwiki.org/browse/XWIKI-19792
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 12.4, < 13.10.7; >= 14.0.0, < 14.4.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.544Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p5v9-g8w8-5q4v" }, { "tags": [ "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/5be1cc0adf917bf10899c47723fa451e950271fa" }, { "tags": [ "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19792" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 12.4, \u003c 13.10.7" }, { "status": "affected", "version": "\u003e= 14.0.0, \u003c 14.4.2" } ] } ], "descriptions": [ { "lang": "en", "value": "org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow to a disabled user to re-enable themselves, or to an attacker to disable any user of the wiki. The problem has been patched in XWiki 13.10.7, 14.5RC1 and 14.4.2. Workarounds: The problem can be patched immediately by editing the page `XWiki.XWikiUserProfileSheet` in the wiki and by performing the changes contained in https://github.com/xwiki/xwiki-platform/commit/5be1cc0adf917bf10899c47723fa451e950271fa." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-23T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p5v9-g8w8-5q4v" }, { "url": "https://github.com/xwiki/xwiki-platform/commit/5be1cc0adf917bf10899c47723fa451e950271fa" }, { "url": "https://jira.xwiki.org/browse/XWIKI-19792" } ], "source": { "advisory": "GHSA-p5v9-g8w8-5q4v", "discovery": "UNKNOWN" }, "title": "org.xwiki.platform:xwiki-platform-user-profile-ui missing authorization to enable or disable users" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-41930", "datePublished": "2022-11-23T00:00:00", "dateReserved": "2022-09-30T00:00:00", "dateUpdated": "2024-08-03T12:56:38.544Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-45137
Vulnerability from cvelistv5
Published
2023-10-25 20:13
Modified
2024-09-10 19:44
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-2 and prior to version 13.4-rc-1, as well as `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.12 and 15.5-rc-1, are vulnerable to cross-site scripting. When a user tries to create a document that already exists, XWiki displays an error message in the creation form. Due to missing escaping, this error message is vulnerable to raw HTML injection and thus XSS. The injected code is the document reference of the existing document, so this requires that the attacker first creates a non-empty document whose name contains the attack code. This has been patched in `org.xwiki.platform:xwiki-platform-web` version 13.4-rc-1 and `org.xwiki.platform:xwiki-platform-web-templates` versions 14.10.12 and 15.5-rc-1 by adding the appropriate escaping. The vulnerable template file `createinline.vm` is part of XWiki's WAR and can be patched by manually applying the changes from the fix.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-93gh-jgjj-r929 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/ed8ec747967f8a16434806e727a57214a8843581 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20961 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 3.1-milestone-2, < 13.4-rc-1; >= 14.0-rc-1, < 14.10.12; >= 15.0-rc-1, < 15.5-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:14:19.759Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-93gh-jgjj-r929", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-93gh-jgjj-r929" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/ed8ec747967f8a16434806e727a57214a8843581", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/ed8ec747967f8a16434806e727a57214a8843581" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20961", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20961" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:xwiki:xwiki-platform:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "lessThan": "13.4-rc-1", "status": "affected", "version": "3.1-milestone-2", "versionType": "custom" }, { "lessThan": "14.10.12", "status": "affected", "version": "14.0-rc-1", "versionType": "custom" }, { "lessThan": "15.5-rc-1", "status": "affected", "version": "5.0-rc-1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-45137", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T19:41:28.651499Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-10T19:44:17.067Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 3.1-milestone-2, \u003c 13.4-rc-1" }, { "status": "affected", 
"version": "\u003e= 14.0-rc-1, \u003c 14.10.12" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.5-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. `org.xwiki.platform:xwiki-platform-web` starting in version 3.1-milestone-2 and prior to version 13.4-rc-1, as well as `org.xwiki.platform:xwiki-platform-web-templates` prior to versions 14.10.12 and 15.5-rc-1, are vulnerable to cross-site scripting. When trying to create a document that already exists, XWiki displays an error message in the form for creating it. Due to missing escaping, this error message is vulnerable to raw HTML injection and thus XSS. The injected code is the document reference of the existing document so this requires that the attacker first creates a non-empty document whose name contains the attack code. This has been patched in `org.xwiki.platform:xwiki-platform-web` version 13.4-rc-1 and `org.xwiki.platform:xwiki-platform-web-templates` versions 14.10.12 and 15.5-rc-1 by adding the appropriate escaping. The vulnerable template file `createinline.vm` is part of XWiki\u0027s WAR and can be patched by manually applying the changes from the fix." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-25T20:13:22.602Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-93gh-jgjj-r929", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-93gh-jgjj-r929" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/ed8ec747967f8a16434806e727a57214a8843581", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/ed8ec747967f8a16434806e727a57214a8843581" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20961", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20961" } ], "source": { "advisory": "GHSA-93gh-jgjj-r929", "discovery": "UNKNOWN" }, "title": "XWiki Platform XSS with edit right in the create document form for existing pages" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-45137", "datePublished": "2023-10-25T20:13:22.602Z", "dateReserved": "2023-10-04T16:02:46.329Z", "dateUpdated": "2024-09-10T19:44:17.067Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-50720
Vulnerability from cvelistv5
Published
2023-12-15 19:02
Modified
2024-08-02 22:16
Summary
XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for `objcontent:email*` using XWiki's regular search interface. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1 by not indexing email address properties when obfuscation is enabled. There are no known workarounds for this vulnerability.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2grh-gr37-2283 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20371 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | < 14.10.15; >= 15.0-rc-1, < 15.5.2; >= 15.6-rc-1, < 15.7-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:16:47.165Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2grh-gr37-2283", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2grh-gr37-2283" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20371", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20371" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 14.10.15" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.5.2" }, { "status": "affected", "version": "\u003e= 15.6-rc-1, \u003c 15.7-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the email addresses of users even when obfuscation of email addresses is enabled. To demonstrate the vulnerability, search for `objcontent:email*` using XWiki\u0027s regular search interface. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1 by not indexing email address properties when obfuscation is enabled. 
There are no known workarounds for this vulnerability.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-15T19:02:35.372Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2grh-gr37-2283", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2grh-gr37-2283" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20371", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20371" } ], "source": { "advisory": "GHSA-2grh-gr37-2283", "discovery": "UNKNOWN" }, "title": "XWiki Platform Solr search discloses email addresses of users" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-50720", "datePublished": "2023-12-15T19:02:35.372Z", "dateReserved": "2023-12-11T17:53:36.030Z", "dateUpdated": "2024-08-02T22:16:47.165Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-37910
Vulnerability from cvelistv5
Published
2023-10-25 17:17
Modified
2024-09-17 13:37
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with the introduction of attachment move support in version 14.0-rc-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, an attacker with edit access on any document (which can be the user profile, editable by default) can move any attachment of any other document to this attacker-controlled document. This allows the attacker to access and possibly publish any attachment whose name is known, regardless of whether the attacker has view or edit rights on the source document of that attachment. Further, the attachment is deleted from the source document. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0 RC1. There is no workaround apart from upgrading to a fixed version.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rwwx-6572-mp29 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/d7720219d60d7201c696c3196c9d4a86d0881325 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20334 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 14.0-rc-1, < 14.4.8; >= 14.5, < 14.10.4
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:23:27.813Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rwwx-6572-mp29", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rwwx-6572-mp29" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/d7720219d60d7201c696c3196c9d4a86d0881325", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/d7720219d60d7201c696c3196c9d4a86d0881325" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20334", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20334" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-37910", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T18:38:18.170261Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-17T13:37:20.995Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 14.0-rc-1, \u003c 14.4.8" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.10.4" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. 
Starting with the introduction of attachment move support in version 14.0-rc-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, an attacker with edit access on any document (can be the user profile which is editable by default) can move any attachment of any other document to this attacker-controlled document. This allows the attacker to access and possibly publish any attachment of which the name is known, regardless if the attacker has view or edit rights on the source document of this attachment. Further, the attachment is deleted from the source document. This vulnerability has been patched in XWiki 14.4.8, 14.10.4, and 15.0 RC1. There is no workaround apart from upgrading to a fixed version." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-25T17:17:23.795Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rwwx-6572-mp29", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rwwx-6572-mp29" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/d7720219d60d7201c696c3196c9d4a86d0881325", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/d7720219d60d7201c696c3196c9d4a86d0881325" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20334", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20334" } ], 
"source": { "advisory": "GHSA-rwwx-6572-mp29", "discovery": "UNKNOWN" }, "title": "org.xwiki.platform:xwiki-platform-attachment-api vulnerable to Missing Authorization on Attachment Move" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-37910", "datePublished": "2023-10-25T17:17:23.795Z", "dateReserved": "2023-07-10T17:51:29.611Z", "dateUpdated": "2024-09-17T13:37:20.995Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35155
Vulnerability from cvelistv5
Published
2023-06-23 18:15
Modified
2024-11-27 20:17
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). For instance, the following URL executes an `alert` in the browser: `<xwiki-host>/xwiki/bin/view/Main/?viewer=share&send=1&target=&target=%3Cimg+src+onerror%3Dalert%28document.domain%29%3E+%3Cimg+src+onerror%3Dalert%28document.domain%29%3E+%3Crenniepak%40intigriti.me%3E&includeDocument=inline&message=I+wanted+to+share+this+page+with+you.`, where `<xwiki-host>` is the URL of your XWiki installation. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.4, and 14.4.8.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fwwj-wg89-7h4c | x_refsource_CONFIRM
https://jira.xwiki.org/browse/XWIKI-20370 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 2.6-rc-2, < 14.4.8; >= 14.5, < 14.10.4
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:23:59.400Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fwwj-wg89-7h4c", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fwwj-wg89-7h4c" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20370", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20370" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35155", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-11-27T20:17:50.579308Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-27T20:17:59.193Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 2.6-rc-2, \u003c 14.4.8" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.10.4" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). For instance, the following URL execute an `alter` on the browser: `\u003cxwiki-host\u003e/xwiki/bin/view/Main/?viewer=share\u0026send=1\u0026target=\u0026target=%3Cimg+src+onerror%3Dalert%28document.domain%29%3E+%3Cimg+src+onerror%3Dalert%28document.domain%29%3E+%3Crenniepak%40intigriti.me%3E\u0026includeDocument=inline\u0026message=I+wanted+to+share+this+page+with+you.`, where `\u003cxwiki-host\u003e` is the URL of your XWiki installation. 
The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.4, and 14.4.8.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-23T18:15:05.289Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fwwj-wg89-7h4c", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fwwj-wg89-7h4c" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20370", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20370" } ], "source": { "advisory": "GHSA-fwwj-wg89-7h4c", "discovery": "UNKNOWN" }, "title": "XWiki Platform vulnerable to cross-site scripting in target parameter via share page by email" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-35155", "datePublished": "2023-06-23T18:15:05.289Z", "dateReserved": "2023-06-14T14:17:52.178Z", "dateUpdated": "2024-11-27T20:17:59.193Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35160
Vulnerability from cvelistv5
Published
2023-06-23 18:48
Modified
2024-11-27 20:07
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It is possible to exploit the resubmit template to perform an XSS, e.g. by using a URL such as `xwiki/bin/view/XWiki/Main xpage=resubmit&resubmit=javascript:alert(document.domain)&xback=javascript:alert(document.domain)`. This vulnerability has existed since XWiki 2.5-milestone-2. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r8xc-xxh3-q5x3 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/dbc92dcdace33823ffd1e1591617006cb5fc6a7f | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20343 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20583 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 2.5-milestone-2, < 14.10.5; >= 15.0-rc-1, < 15.1-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:23:59.673Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r8xc-xxh3-q5x3", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r8xc-xxh3-q5x3" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/dbc92dcdace33823ffd1e1591617006cb5fc6a7f", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/dbc92dcdace33823ffd1e1591617006cb5fc6a7f" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20343", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20343" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20583", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20583" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35160", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-27T20:07:48.107684Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-27T20:07:56.811Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 2.5-milestone-2, \u003c 14.10.5" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.1-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). 
It\u0027s possible to exploit the resubmit template to perform a XSS, e.g. by using URL such as: \u003e xwiki/bin/view/XWiki/Main xpage=resubmit\u0026resubmit=javascript:alert(document.domain)\u0026xback=javascript:alert(document.domain). This vulnerability exists since XWiki 2.5-milestone-2. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.7, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-87", "description": "CWE-87: Improper Neutralization of Alternate XSS Syntax", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-23T18:48:18.136Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r8xc-xxh3-q5x3", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-r8xc-xxh3-q5x3" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/dbc92dcdace33823ffd1e1591617006cb5fc6a7f", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/dbc92dcdace33823ffd1e1591617006cb5fc6a7f" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20343", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20343" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20583", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20583" } ], "source": { "advisory": "GHSA-r8xc-xxh3-q5x3", "discovery": "UNKNOWN" }, "title": "XWiki Platform vulnerable to reflected cross-site scripting via back and xcontinue parameters in 
resubmit template" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-35160", "datePublished": "2023-06-23T18:48:18.136Z", "dateReserved": "2023-06-14T14:17:52.178Z", "dateUpdated": "2024-11-27T20:07:56.811Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32731
Vulnerability from cvelistv5
Published
2021-07-01 19:05
Modified
2024-08-03 23:33
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Between (and including) versions 13.1RC1 and 13.1, the reset password form reveals the email address of a user when given only their username. The problem has been patched in XWiki 13.2RC1. As a workaround, it is possible to manually modify `resetpasswordinline.vm` to apply the changes made to mitigate the vulnerability.
References
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 13.1RC1, <= 13.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:33:55.504Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h4m4-pgp4-whgm" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/0cf716250b3645a5974c80d8336dcdf885749dff#diff-14a3132e3986b1f5606dd13d9d8a8bb8634bec9932123c5e49e9604cfd850fc2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-18400" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 13.1RC1, \u003c= 13.1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Between (and including) versions 13.1RC1 and 13.1, the reset password form reveals the email address of users just by giving their username. The problem has been patched on XWiki 13.2RC1. As a workaround, it is possible to manually modify the `resetpasswordinline.vm` to perform the changes made to mitigate the vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-07-01T19:05:13", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h4m4-pgp4-whgm" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/0cf716250b3645a5974c80d8336dcdf885749dff#diff-14a3132e3986b1f5606dd13d9d8a8bb8634bec9932123c5e49e9604cfd850fc2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-18400" } ], "source": { "advisory": "GHSA-h4m4-pgp4-whgm", "discovery": "UNKNOWN" }, "title": "The reset password form reveal users email address", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32731", "STATE": "PUBLIC", "TITLE": "The reset password form reveal users email address" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e= 13.1RC1, \u003c= 13.1" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. 
Between (and including) versions 13.1RC1 and 13.1, the reset password form reveals the email address of users just by giving their username. The problem has been patched on XWiki 13.2RC1. As a workaround, it is possible to manually modify the `resetpasswordinline.vm` to perform the changes made to mitigate the vulnerability." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h4m4-pgp4-whgm", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h4m4-pgp4-whgm" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/0cf716250b3645a5974c80d8336dcdf885749dff#diff-14a3132e3986b1f5606dd13d9d8a8bb8634bec9932123c5e49e9604cfd850fc2", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/0cf716250b3645a5974c80d8336dcdf885749dff#diff-14a3132e3986b1f5606dd13d9d8a8bb8634bec9932123c5e49e9604cfd850fc2" }, { "name": "https://jira.xwiki.org/browse/XWIKI-18400", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-18400" } ] }, "source": { "advisory": "GHSA-h4m4-pgp4-whgm", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32731", "datePublished": "2021-07-01T19:05:14", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:33:55.504Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", 
"dataVersion": "5.1" }
cve-2023-29207
Vulnerability from cvelistv5
Published
2023-04-15 15:48
Modified
2024-08-02 14:00
Summary
XWiki Commons are technical libraries common to several other top-level XWiki projects. The Livetable Macro wasn't properly sanitizing column names, thus allowing the insertion of raw HTML code including JavaScript. This vulnerability was also exploitable via the Documents Macro, which has been included since XWiki 3.5M1 and doesn't require script rights; this can be demonstrated with the syntax `{{documents id="example" count="5" actions="false" columns="doc.title, before<script>alert(1)</script>after"/}}`. Therefore, this can also be exploited by users without script right and in comments. With the interaction of a user with more rights, this could be used to execute arbitrary actions in the wiki, including privilege escalation, remote code execution, information disclosure, and modifying or deleting content. This has been patched in XWiki 14.9, 14.4.6, and 13.10.10.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6vgh-9r3c-2cxp | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/65ca06c51e7a1d5a579344c7272b2cc9a9a21126 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-15205 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 1.9-milestone-2, < 13.10.10
xwiki | xwiki-platform | >= 14.0-rc-1, < 14.4.6
xwiki | xwiki-platform | >= 14.5, < 14.9
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:15.866Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6vgh-9r3c-2cxp", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6vgh-9r3c-2cxp" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/65ca06c51e7a1d5a579344c7272b2cc9a9a21126", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/65ca06c51e7a1d5a579344c7272b2cc9a9a21126" }, { "name": "https://jira.xwiki.org/browse/XWIKI-15205", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-15205" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 1.9-milestone-2, \u003c 13.10.10" }, { "status": "affected", "version": "\u003e= 14.0-rc-1, \u003c 14.4.6" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.9" } ] } ], "descriptions": [ { "lang": "en", "value": " XWiki Commons are technical libraries common to several other top level XWiki projects. The Livetable Macro wasn\u0027t properly sanitizing column names, thus allowing the insertion of raw HTML code including JavaScript. This vulnerability was also exploitable via the Documents Macro that is included since XWiki 3.5M1 and doesn\u0027t require script rights, this can be demonstrated with the syntax `{{documents id=\"example\" count=\"5\" actions=\"false\" columns=\"doc.title, before\u003cscript\u003ealert(1)\u003c/script\u003eafter\"/}}`. Therefore, this can also be exploited by users without script right and in comments. 
With the interaction of a user with more rights, this could be used to execute arbitrary actions in the wiki, including privilege escalation, remote code execution, information disclosure, modifying or deleting content. This has been patched in XWiki 14.9, 14.4.6, and 13.10.10.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-15T15:48:05.169Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6vgh-9r3c-2cxp", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6vgh-9r3c-2cxp" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/65ca06c51e7a1d5a579344c7272b2cc9a9a21126", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/65ca06c51e7a1d5a579344c7272b2cc9a9a21126" }, { "name": "https://jira.xwiki.org/browse/XWIKI-15205", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-15205" } ], "source": { "advisory": "GHSA-6vgh-9r3c-2cxp", "discovery": "UNKNOWN" }, "title": "Improper Neutralization of Script-Related HTML Tags (XSS) in the LiveTable Macro" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29207", "datePublished": "2023-04-15T15:48:05.169Z", 
"dateReserved": "2023-04-03T13:37:18.455Z", "dateUpdated": "2024-08-02T14:00:15.866Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36099
Vulnerability from cvelistv5
Published
2022-09-08 20:45
Modified
2024-08-03 09:52
Summary
XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior to versions 13.10.6 and 14.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the request (URL parameter) using the `XWikiServerClassSheet` if the user has view access to this sheet and another page that has been saved with programming rights, a standard condition on a public read-only XWiki installation or a private XWiki installation where the user has an account. This allows arbitrary Groovy/Python/Velocity code execution which allows bypassing all rights checks and thus both modification and disclosure of all content stored in the XWiki installation. Also, this could be used to impact the availability of the wiki. This has been patched in versions 13.10.6 and 14.4. As a workaround, edit the affected document `XWiki.XWikiServerClassSheet` or `WikiManager.XWikiServerClassSheet` and manually perform the changes from the patch fixing the issue. On XWiki versions 12.0 and later, it is also possible to import the document `XWiki.XWikiServerClassSheet` from the xwiki-platform-wiki-ui-mainwiki package version 14.4 using the import feature of the administration application as there have been no other changes to this document since XWiki 12.0.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xr6m-2p4m-jvqf | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/fc77f9f53bc65a4a9bfae3d5686615309c0c76cc | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-19746 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 5.3-milestone-2, < 13.10.6
xwiki | xwiki-platform | >= 14.0, < 14.4
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:52:00.678Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xr6m-2p4m-jvqf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/fc77f9f53bc65a4a9bfae3d5686615309c0c76cc" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19746" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 5.3-milestone-2, \u003c 13.10.6" }, { "status": "affected", "version": "\u003e= 14.0, \u003c 14.4" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior to versions 13.10.6 and 14.4, it\u0027s possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the request (URL parameter) using the `XWikiServerClassSheet` if the user has view access to this sheet and another page that has been saved with programming rights, a standard condition on a public read-only XWiki installation or a private XWiki installation where the user has an account. This allows arbitrary Groovy/Python/Velocity code execution which allows bypassing all rights checks and thus both modification and disclosure of all content stored in the XWiki installation. Also, this could be used to impact the availability of the wiki. This has been patched in versions 13.10.6 and 14.4. As a workaround, edit the affected document `XWiki.XWikiServerClassSheet` or `WikiManager.XWikiServerClassSheet` and manually perform the changes from the patch fixing the issue. 
On XWiki versions 12.0 and later, it is also possible to import the document `XWiki.XWikiServerClassSheet` from the xwiki-platform-wiki-ui-mainwiki package version 14.4 using the import feature of the administration application as there have been no other changes to this document since XWiki 12.0." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-08T20:45:13", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xr6m-2p4m-jvqf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/fc77f9f53bc65a4a9bfae3d5686615309c0c76cc" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19746" } ], "source": { "advisory": "GHSA-xr6m-2p4m-jvqf", "discovery": "UNKNOWN" }, "title": "XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-36099", "STATE": "PUBLIC", "TITLE": "XWiki Platform Wiki UI Main Wiki Eval Injection vulnerability" }, "affects": { "vendor": { "vendor_data": [ { "product": { 
"product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e= 5.3-milestone-2, \u003c 13.10.6" }, { "version_value": "\u003e= 14.0, \u003c 14.4" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform Wiki UI Main Wiki is software for managing subwikis on XWiki Platform, a generic wiki platform. Starting with version 5.3-milestone-2 and prior to versions 13.10.6 and 14.4, it\u0027s possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the request (URL parameter) using the `XWikiServerClassSheet` if the user has view access to this sheet and another page that has been saved with programming rights, a standard condition on a public read-only XWiki installation or a private XWiki installation where the user has an account. This allows arbitrary Groovy/Python/Velocity code execution which allows bypassing all rights checks and thus both modification and disclosure of all content stored in the XWiki installation. Also, this could be used to impact the availability of the wiki. This has been patched in versions 13.10.6 and 14.4. As a workaround, edit the affected document `XWiki.XWikiServerClassSheet` or `WikiManager.XWikiServerClassSheet` and manually perform the changes from the patch fixing the issue. On XWiki versions 12.0 and later, it is also possible to import the document `XWiki.XWikiServerClassSheet` from the xwiki-platform-wiki-ui-mainwiki package version 14.4 using the import feature of the administration application as there have been no other changes to this document since XWiki 12.0." 
} ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)" } ] }, { "description": [ { "lang": "eng", "value": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xr6m-2p4m-jvqf", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xr6m-2p4m-jvqf" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/fc77f9f53bc65a4a9bfae3d5686615309c0c76cc", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/fc77f9f53bc65a4a9bfae3d5686615309c0c76cc" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19746", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-19746" } ] }, "source": { "advisory": "GHSA-xr6m-2p4m-jvqf", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-36099", "datePublished": "2022-09-08T20:45:14", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2024-08-03T09:52:00.678Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35158
Vulnerability from cvelistv5
Published
2023-06-23 18:26
Modified
2024-11-27 20:09
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload allowing them to inject JavaScript into the page (XSS). It's possible to exploit the restore template to perform an XSS, e.g. by using a URL such as `/xwiki/bin/view/XWiki/Main?xpage=restore&showBatch=true&xredirect=javascript:alert(document.domain)`. This vulnerability exists since XWiki 9.4-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mwxj-g7fw-7hc8 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/d5472100606c8355ed44ada273e91df91f682738 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20352 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20583 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 9.4-rc-1, < 14.10.5
xwiki | xwiki-platform | >= 15.0-rc-1, < 15.1-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:23:59.096Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mwxj-g7fw-7hc8", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mwxj-g7fw-7hc8" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/d5472100606c8355ed44ada273e91df91f682738", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/d5472100606c8355ed44ada273e91df91f682738" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20352", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20352" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20583", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20583" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35158", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-27T20:09:39.224813Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-27T20:09:48.049Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 9.4-rc-1, \u003c 14.10.5" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.1-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). 
It\u0027s possible to exploit the restore template to perform a XSS, e.g. by using URL such as: \u003e /xwiki/bin/view/XWiki/Main?xpage=restore\u0026showBatch=true\u0026xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 9.4-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1. " } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.7, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-87", "description": "CWE-87: Improper Neutralization of Alternate XSS Syntax", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-23T18:26:37.121Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mwxj-g7fw-7hc8", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mwxj-g7fw-7hc8" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/d5472100606c8355ed44ada273e91df91f682738", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/d5472100606c8355ed44ada273e91df91f682738" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20352", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20352" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20583", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20583" } ], "source": { "advisory": "GHSA-mwxj-g7fw-7hc8", "discovery": "UNKNOWN" }, "title": "XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in restore template" } }, "cveMetadata": { 
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-35158", "datePublished": "2023-06-23T18:26:37.121Z", "dateReserved": "2023-06-14T14:17:52.178Z", "dateUpdated": "2024-11-27T20:09:48.049Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-37914
Vulnerability from cvelistv5
Published
2023-08-17 17:21
Modified
2024-10-08 16:22
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view `Invitation.WebHome` can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This vulnerability has been patched on XWiki 14.4.8, 15.2-rc-1, and 14.10.6. Users are advised to upgrade. Users unable to upgrade may manually apply the patch on `Invitation.InvitationCommon` and `Invitation.InvitationConfig`, but there are otherwise no known workarounds for this vulnerability.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7954-6m9q-gpvf | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/ff1d8a1790c6ee534c6a4478360a06efeb2d3591 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20421 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 2.5-m1, < 14.4.8
xwiki | xwiki-platform | >= 14.5.0, < 14.10.6
xwiki | xwiki-platform | >= 15.0, < 15.2-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:23:27.860Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7954-6m9q-gpvf", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7954-6m9q-gpvf" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/ff1d8a1790c6ee534c6a4478360a06efeb2d3591", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/ff1d8a1790c6ee534c6a4478360a06efeb2d3591" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20421", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20421" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:xwiki:xwiki-platform:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "lessThan": "14.4.8", "status": "affected", "version": "2.5m1", "versionType": "custom" }, { "lessThan": "14.10.6", "status": "affected", "version": "14.5.0", "versionType": "custom" }, { "lessThan": "15.2-tc-1", "status": "affected", "version": "15.0", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-37914", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-08T16:19:19.925359Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-08T16:22:04.023Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 2.5-m1, \u003c 14.4.8" }, { "status": "affected", "version": "\u003e= 14.5.0, \u003c 
14.10.6" }, { "status": "affected", "version": "\u003e= 15.0, \u003c 15.2-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can view `Invitation.WebHome` can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This vulnerability has been patched on XWiki 14.4.8, 15.2-rc-1, and 14.10.6. Users are advised to upgrade. Users unable to upgrade may manually apply the patch on `Invitation.InvitationCommon` and `Invitation.InvitationConfig`, but there are otherwise no known workarounds for this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-17T17:21:23.571Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7954-6m9q-gpvf", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7954-6m9q-gpvf" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/ff1d8a1790c6ee534c6a4478360a06efeb2d3591", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/ff1d8a1790c6ee534c6a4478360a06efeb2d3591" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20421", "tags": 
[ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20421" } ], "source": { "advisory": "GHSA-7954-6m9q-gpvf", "discovery": "UNKNOWN" }, "title": "Privilege escalation (PR)/RCE from account through Invitation subject/message" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-37914", "datePublished": "2023-08-17T17:21:23.571Z", "dateReserved": "2023-07-10T17:51:29.611Z", "dateUpdated": "2024-10-08T16:22:04.023Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41936
Vulnerability from cvelistv5
Published
2022-11-22 00:00
Modified
2024-08-03 12:56
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The `modifications` REST endpoint does not filter out entries according to the user's rights. Therefore, information hidden from unauthorized users (comments, page names, etc.) is exposed through the `modifications` REST endpoint. Users should upgrade to XWiki 14.6+, 14.4.3+, or 13.10.8+. Older versions have not been patched. There are no known workarounds.
References
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 8.1, < 13.10.8
xwiki | xwiki-platform | >= 14.0.0, < 14.4.3
xwiki | xwiki-platform | >= 14.5.0, < 14.6
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.536Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p88w-fhxw-xvcc" }, { "tags": [ "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/38dc1aa1a4435f24d58f5b8e4566cbcb0971f8ff" }, { "tags": [ "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19997" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 8.1, \u003c 13.10.8" }, { "status": "affected", "version": "\u003e= 14.0.0, \u003c 14.4.3" }, { "status": "affected", "version": "\u003e= 14.5.0, \u003c 14.6" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The `modifications` rest endpoint does not filter out entries according to the user\u0027s rights. Therefore, information hidden from unauthorized users are exposed though the `modifications` rest endpoint (comments and page names etc). Users should upgrade to XWiki 14.6+, 14.4.3+, or 13.10.8+. Older versions have not been patched. There are no known workarounds." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-359", "description": "CWE-359: Exposure of Private Personal Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-22T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p88w-fhxw-xvcc" }, { "url": "https://github.com/xwiki/xwiki-platform/commit/38dc1aa1a4435f24d58f5b8e4566cbcb0971f8ff" }, { "url": "https://jira.xwiki.org/browse/XWIKI-19997" } ], "source": { "advisory": "GHSA-p88w-fhxw-xvcc", "discovery": "UNKNOWN" }, "title": "Exposure of Private Personal Information to an Unauthorized Actor in xwiki-platform-rest-server" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-41936", "datePublished": "2022-11-22T00:00:00", "dateReserved": "2022-09-30T00:00:00", "dateUpdated": "2024-08-03T12:56:38.536Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26478
Vulnerability from cvelistv5
Published
2023-03-02 17:46
Modified
2024-08-02 11:53
Summary
XWiki Platform is a generic wiki platform. Starting in version 14.3-rc-1, `org.xwiki.store.script.TemporaryAttachmentsScriptService#uploadTemporaryAttachment` returns an instance of `com.xpn.xwiki.doc.XWikiAttachment`. This class is not meant to be exposed to users without the `programming` right. `com.xpn.xwiki.api.Attachment` should be used instead, as it takes care of checking the user's rights before performing dangerous operations. This has been patched in versions 14.9-rc-1 and 14.4.6. There are no known workarounds for this issue.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8692-g6g9-gm5p | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/3c73c59e39b6436b1074d8834cf276916010014d | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20180 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 14.3-rc-1, < 14.4.6
xwiki | xwiki-platform | >= 14.5, < 14.9-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:53:53.814Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8692-g6g9-gm5p", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8692-g6g9-gm5p" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/3c73c59e39b6436b1074d8834cf276916010014d", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/3c73c59e39b6436b1074d8834cf276916010014d" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20180", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20180" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 14.3-rc-1, \u003c 14.4.6" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.9-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 14.3-rc-1, `org.xwiki.store.script.TemporaryAttachmentsScriptService#uploadTemporaryAttachment` returns an instance of `com.xpn.xwiki.doc.XWikiAttachment`. This class is not supported to be exposed to users without the `programing` right.\n`com.xpn.xwiki.api.Attachment` should be used instead and takes case of checking the user\u0027s rights before performing dangerous operations. This has been patched in versions 14.9-rc-1 and 14.4.6. There are no known workarounds for this issue." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-749", "description": "CWE-749: Exposed Dangerous Method or Function", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-02T17:46:15.394Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8692-g6g9-gm5p", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8692-g6g9-gm5p" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/3c73c59e39b6436b1074d8834cf276916010014d", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/3c73c59e39b6436b1074d8834cf276916010014d" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20180", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20180" } ], "source": { "advisory": "GHSA-8692-g6g9-gm5p", "discovery": "UNKNOWN" }, "title": "org.xwiki.platform:xwiki-platform-store-filesystem-oldcore has Exposed Dangerous Method or Function" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-26478", "datePublished": "2023-03-02T17:46:15.394Z", "dateReserved": "2023-02-23T23:22:58.573Z", "dateUpdated": "2024-08-02T11:53:53.814Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41934
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2024-08-03 12:56
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation due to improper escaping of the macro content and parameters of the menu macro. The problem has been patched in XWiki 14.6RC1, 13.10.8 and 14.4.3. The patch (commit `2fc20891`) for the document `Menu.MenuMacro` can be manually applied or a XAR archive of a patched version can be imported. The menu macro was basically unchanged since XWiki 11.6 so on XWiki 11.6 or later the patch for version of 13.10.8 (commit `59ccca24a`) can most likely be applied, on XWiki version 14.0 and later the versions in XWiki 14.6 and 14.4.3 should be appropriate.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6w8h-26xx-cf8q |
https://github.com/xwiki/xwiki-platform/commit/2fc20891e6c6b0ca05ee07e315e7f435e8919f8d |
https://github.com/xwiki/xwiki-platform/commit/59ccca24a8465a19f40c51d65fcc2c09c1edea16 |
https://jira.xwiki.org/browse/XWIKI-19857 |
https://www.xwiki.org/xwiki/bin/view/Documentation/UserGuide/Features/Imports#HImportingXWikipages |
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | < 13.10.8; >= 14.0.0, < 14.4.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.543Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6w8h-26xx-cf8q" }, { "tags": [ "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/2fc20891e6c6b0ca05ee07e315e7f435e8919f8d" }, { "tags": [ "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/59ccca24a8465a19f40c51d65fcc2c09c1edea16" }, { "tags": [ "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19857" }, { "tags": [ "x_transferred" ], "url": "https://www.xwiki.org/xwiki/bin/view/Documentation/UserGuide/Features/Imports#HImportingXWikipages" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 13.10.8" }, { "status": "affected", "version": "\u003e= 14.0.0, \u003c 14.4.3" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation due to improper escaping of the macro content and parameters of the menu macro. The problem has been patched in XWiki 14.6RC1, 13.10.8 and 14.4.3. The patch (commit `2fc20891`) for the document `Menu.MenuMacro` can be manually applied or a XAR archive of a patched version can be imported. The menu macro was basically unchanged since XWiki 11.6 so on XWiki 11.6 or later the patch for version of 13.10.8 (commit `59ccca24a`) can most likely be applied, on XWiki version 14.0 and later the versions in XWiki 14.6 and 14.4.3 should be appropriate." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-23T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6w8h-26xx-cf8q" }, { "url": "https://github.com/xwiki/xwiki-platform/commit/2fc20891e6c6b0ca05ee07e315e7f435e8919f8d" }, { "url": "https://github.com/xwiki/xwiki-platform/commit/59ccca24a8465a19f40c51d65fcc2c09c1edea16" }, { "url": "https://jira.xwiki.org/browse/XWIKI-19857" }, { "url": "https://www.xwiki.org/xwiki/bin/view/Documentation/UserGuide/Features/Imports#HImportingXWikipages" } ], "source": { "advisory": "GHSA-6w8h-26xx-cf8q", "discovery": "UNKNOWN" }, "title": "Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-menu-ui" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-41934", "datePublished": "2022-11-23T00:00:00", "dateReserved": "2022-09-30T00:00:00", "dateUpdated": "2024-08-03T12:56:38.543Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41929
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2024-08-03 12:56
Summary
org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem has been patched in XWiki 13.10.7, 14.4.2 and 14.5RC1.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2gj2-vj98-j2qq |
https://github.com/xwiki/xwiki-platform/commit/0b732f2ef0224e2aaf10e2e1ef48dbd3fb6e10cd |
https://jira.xwiki.org/browse/XWIKI-19804 |
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 11.7RC1, < 13.10.7; >= 14.0.0, < 14.4.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.586Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2gj2-vj98-j2qq" }, { "tags": [ "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/0b732f2ef0224e2aaf10e2e1ef48dbd3fb6e10cd" }, { "tags": [ "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19804" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 11.7RC1, \u003c 13.10.7" }, { "status": "affected", "version": "\u003e= 14.0.0, \u003c 14.4.2" } ] } ], "descriptions": [ { "lang": "en", "value": "org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available for users with admin rights. This problem has been patched in XWiki 13.10.7, 14.4.2 and 14.5RC1." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-23T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2gj2-vj98-j2qq" }, { "url": "https://github.com/xwiki/xwiki-platform/commit/0b732f2ef0224e2aaf10e2e1ef48dbd3fb6e10cd" }, { "url": "https://jira.xwiki.org/browse/XWIKI-19804" } ], "source": { "advisory": "GHSA-2gj2-vj98-j2qq", "discovery": "UNKNOWN" }, "title": "Missing Authorization in User#setDisabledStatus in org.xwiki.platform:xwiki-platform-oldcore" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-41929", "datePublished": "2022-11-23T00:00:00", "dateReserved": "2022-09-30T00:00:00", "dateUpdated": "2024-08-03T12:56:38.586Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36097
Vulnerability from cvelistv5
Published
2022-09-08 20:35
Modified
2024-08-03 09:52
Summary
XWiki Platform Attachment UI provides a macro to easily upload and select attachments for XWiki Platform, a generic wiki platform. Starting with version 14.0-rc-1 and prior to 14.4-rc-1, it's possible to store JavaScript in an attachment name, which will be executed by anyone trying to move the corresponding attachment. This issue has been patched in XWiki 14.4-rc-1. As a workaround, one may copy `moveStep1.vm` to `webapp/xwiki/templates/moveStep1.vm` and replace vulnerable code with code from the patch.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9r9j-57rf-f6vj | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/fbc4bfbae4f6ce8109addb281de86a03acdb9277 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-19667 | x_refsource_MISC
https://raw.githubusercontent.com/xwiki/xwiki-platform/xwiki-platform-14.0-rc-1/xwiki-platform-core/xwiki-platform-attachment/xwiki-platform-attachment-api/src/main/resources/templates/attachment/moveStep1.vm | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 14.0-rc-1, < 14.4-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:52:00.510Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9r9j-57rf-f6vj" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/fbc4bfbae4f6ce8109addb281de86a03acdb9277" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19667" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://raw.githubusercontent.com/xwiki/xwiki-platform/xwiki-platform-14.0-rc-1/xwiki-platform-core/xwiki-platform-attachment/xwiki-platform-attachment-api/src/main/resources/templates/attachment/moveStep1.vm" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 14.0-rc-1, \u003c 14.4-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform Attachment UI provides a macro to easily upload and select attachments for XWiki Platform, a generic wiki platform. Starting with version 14.0-rc-1 and prior to 14.4-rc-1, it\u0027s possible to store JavaScript in an attachment name, which will be executed by anyone trying to move the corresponding attachment. This issue has been patched in XWiki 14.4-rc-1. As a workaround, one may copy `moveStep1.vm` to `webapp/xwiki/templates/moveStep1.vm` and replace vulnerable code with code from the patch." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-08T20:35:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9r9j-57rf-f6vj" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/fbc4bfbae4f6ce8109addb281de86a03acdb9277" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19667" }, { "tags": [ "x_refsource_MISC" ], "url": "https://raw.githubusercontent.com/xwiki/xwiki-platform/xwiki-platform-14.0-rc-1/xwiki-platform-core/xwiki-platform-attachment/xwiki-platform-attachment-api/src/main/resources/templates/attachment/moveStep1.vm" } ], "source": { "advisory": "GHSA-9r9j-57rf-f6vj", "discovery": "UNKNOWN" }, "title": "XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-36097", "STATE": "PUBLIC", "TITLE": "XWiki Platform Attachment UI vulnerable to cross-site scripting in the move attachment form" }, "affects": { "vendor": { "vendor_data": [ 
{ "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e= 14.0-rc-1, \u003c 14.4-rc-1" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform Attachment UI provides a macro to easily upload and select attachments for XWiki Platform, a generic wiki platform. Starting with version 14.0-rc-1 and prior to 14.4-rc-1, it\u0027s possible to store JavaScript in an attachment name, which will be executed by anyone trying to move the corresponding attachment. This issue has been patched in XWiki 14.4-rc-1. As a workaround, one may copy `moveStep1.vm` to `webapp/xwiki/templates/moveStep1.vm` and replace vulnerable code with code from the patch." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] }, { "description": [ { "lang": "eng", "value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9r9j-57rf-f6vj", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9r9j-57rf-f6vj" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/fbc4bfbae4f6ce8109addb281de86a03acdb9277", "refsource": "MISC", "url": 
"https://github.com/xwiki/xwiki-platform/commit/fbc4bfbae4f6ce8109addb281de86a03acdb9277" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19667", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-19667" }, { "name": "https://raw.githubusercontent.com/xwiki/xwiki-platform/xwiki-platform-14.0-rc-1/xwiki-platform-core/xwiki-platform-attachment/xwiki-platform-attachment-api/src/main/resources/templates/attachment/moveStep1.vm", "refsource": "MISC", "url": "https://raw.githubusercontent.com/xwiki/xwiki-platform/xwiki-platform-14.0-rc-1/xwiki-platform-core/xwiki-platform-attachment/xwiki-platform-attachment-api/src/main/resources/templates/attachment/moveStep1.vm" } ] }, "source": { "advisory": "GHSA-9r9j-57rf-f6vj", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-36097", "datePublished": "2022-09-08T20:35:11", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2024-08-03T09:52:00.510Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29211
Vulnerability from cvelistv5
Published
2023-04-16 06:34
Modified
2024-08-02 14:00
Summary
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights `WikiManager.DeleteWiki` can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the `wikiId` url parameter. The problem has been patched on XWiki 13.10.11, 14.4.7, and 14.10.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-w7v9-fc49-4qg4 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/ba4c76265b0b8a5e2218be400d18f08393fe1428#diff-64f39f5f2cc8c6560a44e21a5cfd509ef00e8a2157cd9847c9940a2e08ea43d1R63-R64 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20297 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 5.3-milestone-2, < 13.10.11; >= 14.0-rc-1, < 14.4.7; >= 14.5, < 14.10
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:15.991Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-w7v9-fc49-4qg4", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-w7v9-fc49-4qg4" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/ba4c76265b0b8a5e2218be400d18f08393fe1428#diff-64f39f5f2cc8c6560a44e21a5cfd509ef00e8a2157cd9847c9940a2e08ea43d1R63-R64", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/ba4c76265b0b8a5e2218be400d18f08393fe1428#diff-64f39f5f2cc8c6560a44e21a5cfd509ef00e8a2157cd9847c9940a2e08ea43d1R63-R64" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20297", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20297" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 5.3-milestone-2, \u003c 13.10.11" }, { "status": "affected", "version": "\u003e= 14.0-rc-1, \u003c 14.4.7" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.10" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights `WikiManager.DeleteWiki` can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the `wikiId` url parameter. The problem has been patched on XWiki 13.10.11, 14.4.7, and 14.10." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-16T06:34:27.926Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-w7v9-fc49-4qg4", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-w7v9-fc49-4qg4" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/ba4c76265b0b8a5e2218be400d18f08393fe1428#diff-64f39f5f2cc8c6560a44e21a5cfd509ef00e8a2157cd9847c9940a2e08ea43d1R63-R64", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/ba4c76265b0b8a5e2218be400d18f08393fe1428#diff-64f39f5f2cc8c6560a44e21a5cfd509ef00e8a2157cd9847c9940a2e08ea43d1R63-R64" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20297", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20297" } ], "source": { "advisory": "GHSA-w7v9-fc49-4qg4", "discovery": "UNKNOWN" }, "title": "org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki Eval Injection vulnerability" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29211", "datePublished": "2023-04-16T06:34:27.926Z", "dateReserved": "2023-04-03T13:37:18.455Z", "dateUpdated": "2024-08-02T14:00:15.991Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", 
"dataVersion": "5.1" }
cve-2024-55663
Vulnerability from cvelistv5
Published
2024-12-12 18:53
Modified
2024-12-16 18:08
Summary
XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 13.10.5 and 14.3-rc-1, in `getdocument.vm`; the ordering of the returned documents is defined from an unsanitized request parameter (request.sort) and can allow any user to inject HQL. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashes from the database, but also execute UPDATE/INSERT/DELETE queries. This has been patched in 13.10.5 and 14.3-rc-1. There is no known workaround, other than upgrading XWiki.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wh34-m772-5398 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/673076e2e8b88a36cdeaf7007843aa9ca1a068a0 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-17568 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 6.3-milestone-2, < 13.10.5; >= 14.0-rc-1, < 14.3-rc-1
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-55663", "options": [ { "Exploitation": "none" }, { "Automatable": "yes" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-12-13T14:58:07.606160Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-13T14:58:18.872Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 6.3-milestone-2, \u003c 13.10.5" }, { "status": "affected", "version": "\u003e= 14.0-rc-1, \u003c 14.3-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 13.10.5 and 14.3-rc-1, in `getdocument.vm`; the ordering of the returned documents is defined from an unsanitized request parameter (request.sort) and can allow any user to inject HQL. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashes from the database, but also execute UPDATE/INSERT/DELETE queries. This has been patched in 13.10.5 and 14.3-rc-1. There is no known workaround, other than upgrading XWiki." 
} ], "metrics": [ { "cvssV4_0": { "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 8.6, "baseSeverity": "HIGH", "privilegesRequired": "HIGH", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-116", "description": "CWE-116: Improper Encoding or Escaping of Output", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-16T18:08:43.496Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wh34-m772-5398", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wh34-m772-5398" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/673076e2e8b88a36cdeaf7007843aa9ca1a068a0", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/673076e2e8b88a36cdeaf7007843aa9ca1a068a0" }, { "name": "https://jira.xwiki.org/browse/XWIKI-17568", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-17568" } ], "source": { "advisory": "GHSA-wh34-m772-5398", "discovery": "UNKNOWN" }, "title": "XWiki Platform has an SQL injection in getdocuments.vm with sort parameter" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-55663", "datePublished": "2024-12-12T18:53:49.491Z", "dateReserved": "2024-12-10T15:33:57.417Z", "dateUpdated": "2024-12-16T18:08:43.496Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-31987
Vulnerability from cvelistv5
Published
2024-04-10 20:32
Modified
2024-08-20 18:00
Summary
XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any user who can edit any page like their profile can create a custom skin with a template override that is executed with programming right, thus allowing remote code execution. This has been patched in XWiki 14.10.19, 15.5.4 and 15.10RC1. No known workarounds are available except for upgrading.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cv55-v6rw-7r5v | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/3d4dbb41f52d1a6e39835cfb1695ca6668605a39 | x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/626d2a5dbf95b4e719ae13bf1a0a9c76e4edd5a2 | x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/da177c3c972e797d92c1a31e278f946012c41b56 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21478 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 6.4-milestone-1, < 14.10.19; >= 15.0-rc-1, < 15.5.4; >= 15.6-rc-1, < 15.10-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T01:59:50.698Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cv55-v6rw-7r5v", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cv55-v6rw-7r5v" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/3d4dbb41f52d1a6e39835cfb1695ca6668605a39", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/3d4dbb41f52d1a6e39835cfb1695ca6668605a39" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/626d2a5dbf95b4e719ae13bf1a0a9c76e4edd5a2", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/626d2a5dbf95b4e719ae13bf1a0a9c76e4edd5a2" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/da177c3c972e797d92c1a31e278f946012c41b56", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/da177c3c972e797d92c1a31e278f946012c41b56" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21478", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-21478" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:xwiki:xwiki-platform:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "lessThan": "14.10.19", "status": "affected", "version": "6.4-milestone-1", "versionType": "custom" }, { "lessThan": "15.5.4", "status": "affected", "version": "15.0-rc-1", "versionType": "custom" }, { "lessThan": "15.10-rc-1", "status": "affected", "version": "15.6-rc-1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-31987", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": 
"total" } ], "role": "CISA Coordinator", "timestamp": "2024-08-20T17:31:03.795162Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-20T18:00:36.216Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 6.4-milestone-1, \u003c 14.10.19" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.5.4" }, { "status": "affected", "version": "\u003e= 15.6-rc-1, \u003c 15.10-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any user who can edit any page like their profile can create a custom skin with a template override that is executed with programming right, thus allowing remote code execution. This has been patched in XWiki 14.10.19, 15.5.4 and 15.10RC1. No known workarounds are available except for upgrading." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-10T20:32:39.317Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cv55-v6rw-7r5v", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cv55-v6rw-7r5v" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/3d4dbb41f52d1a6e39835cfb1695ca6668605a39", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/3d4dbb41f52d1a6e39835cfb1695ca6668605a39" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/626d2a5dbf95b4e719ae13bf1a0a9c76e4edd5a2", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/626d2a5dbf95b4e719ae13bf1a0a9c76e4edd5a2" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/da177c3c972e797d92c1a31e278f946012c41b56", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/da177c3c972e797d92c1a31e278f946012c41b56" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21478", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-21478" } ], "source": { "advisory": "GHSA-cv55-v6rw-7r5v", "discovery": "UNKNOWN" }, "title": "XWiki Platform remote code execution from account via custom skins support" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", 
"assignerShortName": "GitHub_M", "cveId": "CVE-2024-31987", "datePublished": "2024-04-10T20:32:39.317Z", "dateReserved": "2024-04-08T13:48:37.490Z", "dateUpdated": "2024-08-20T18:00:36.216Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23622
Vulnerability from cvelistv5
Published
2022-02-09 21:40
Modified
2024-08-03 03:51
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross-site scripting (XSS) vector in the `registerinline.vm` template related to the `xredirect` hidden field. This template is only used under the following conditions: 1. The wiki must be open to registration for anyone. 2. The wiki must be closed to view for Guest users, or more specifically the XWiki.Registration page must be forbidden in View for the guest user. One way the second condition arises is when administrators have checked the "Prevent unregistered users from viewing pages, regardless of the page rights" box in the administration rights. This issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. There are two main ways of protecting against this vulnerability. The easiest and best one is to apply a patch to the `registerinline.vm` template; the patch consists of ensuring the xredirect field in the template matches: `<input type="hidden" name="xredirect" value="$escapetool.xml($!request.xredirect)" />`. If for some reason it's not possible to patch this file, another workaround is to ensure "Prevent unregistered users from viewing pages, regardless of the page rights" is not checked in the rights and to apply a better rights scheme using groups and rights on spaces.
References
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx6h-936c-vrrr | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/053d957d53f2a543d158f3ab651e390d2728e0b9 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-19291 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | >= 2.6.1, < 12.10.11; >= 13.0.0, < 13.4.7; >= 13.10.0, < 13.10.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:51:45.598Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx6h-936c-vrrr" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/053d957d53f2a543d158f3ab651e390d2728e0b9" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19291" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 2.6.1, \u003c 12.10.11" }, { "status": "affected", "version": "\u003e= 13.0.0, \u003c 13.4.7" }, { "status": "affected", "version": "\u003e= 13.10.0, \u003c 13.10.3" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting (XSS) vector in the `registerinline.vm` template related to the `xredirect` hidden field. This template is only used in the following conditions: 1. The wiki must be open to registration for anyone. 2. The wiki must be closed to view for Guest users or more specifically the XWiki.Registration page must be forbidden in View for guest user. A way to obtain the second condition is when administrators checked the \"Prevent unregistered users from viewing pages, regardless of the page rights\" box in the administration rights. This issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. 
There are two main ways for protecting against this vulnerability, the easiest and the best one is by applying a patch in the `registerinline.vm` template, the patch consists in checking the value of the xredirect field to ensure it matches: `\u003cinput type=\"hidden\" name=\"xredirect\" value=\"$escapetool.xml($!request.xredirect)\" /\u003e`. If for some reason it\u0027s not possible to patch this file, another workaround is to ensure \"Prevent unregistered users from viewing pages, regardless of the page rights\" is not checked in the rights and apply a better right scheme using groups and rights on spaces." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-09T21:40:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx6h-936c-vrrr" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/053d957d53f2a543d158f3ab651e390d2728e0b9" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19291" } ], "source": { "advisory": "GHSA-gx6h-936c-vrrr", "discovery": "UNKNOWN" }, "title": "Cross site scripting in registration template in xwiki-platform", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-23622", "STATE": 
"PUBLIC", "TITLE": "Cross site scripting in registration template in xwiki-platform" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e= 2.6.1, \u003c 12.10.11" }, { "version_value": "\u003e= 13.0.0, \u003c 13.4.7" }, { "version_value": "\u003e= 13.10.0, \u003c 13.10.3" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting (XSS) vector in the `registerinline.vm` template related to the `xredirect` hidden field. This template is only used in the following conditions: 1. The wiki must be open to registration for anyone. 2. The wiki must be closed to view for Guest users or more specifically the XWiki.Registration page must be forbidden in View for guest user. A way to obtain the second condition is when administrators checked the \"Prevent unregistered users from viewing pages, regardless of the page rights\" box in the administration rights. This issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. There are two main ways for protecting against this vulnerability, the easiest and the best one is by applying a patch in the `registerinline.vm` template, the patch consists in checking the value of the xredirect field to ensure it matches: `\u003cinput type=\"hidden\" name=\"xredirect\" value=\"$escapetool.xml($!request.xredirect)\" /\u003e`. If for some reason it\u0027s not possible to patch this file, another workaround is to ensure \"Prevent unregistered users from viewing pages, regardless of the page rights\" is not checked in the rights and apply a better right scheme using groups and rights on spaces." 
} ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx6h-936c-vrrr", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx6h-936c-vrrr" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/053d957d53f2a543d158f3ab651e390d2728e0b9", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/053d957d53f2a543d158f3ab651e390d2728e0b9" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19291", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-19291" } ] }, "source": { "advisory": "GHSA-gx6h-936c-vrrr", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-23622", "datePublished": "2022-02-09T21:40:10", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:51:45.598Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-37909
Vulnerability from cvelistv5
Published
2023-10-25 17:09
Modified
2024-09-17 13:37
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 5.1-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.8 and 15.3-rc-1 by adding proper escaping. As a workaround, the patch can be manually applied to the document `Menu.UIExtensionSheet`; only three lines need to be changed.
References
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v2rr-xw95-wcjx | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/9e8f080094333dec63a8583229a3799208d773be | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-20746 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | >= 5.1-rc-1, < 14.10.8; >= 15.0-rc-1, < 15.3-rc-1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:23:27.788Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v2rr-xw95-wcjx", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v2rr-xw95-wcjx" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/9e8f080094333dec63a8583229a3799208d773be", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/9e8f080094333dec63a8583229a3799208d773be" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20746", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20746" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-37909", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-10T18:39:07.513308Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-17T13:37:52.375Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 5.1-rc-1, \u003c 14.10.8" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.3-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. 
Starting in version 5.1-rc-1 and prior to versions 14.10.8 and 15.3-rc-1, any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. This has been patched in XWiki 14.10.8 and 15.3-rc-1 by adding proper escaping. As a workaround, the patch can be manually applied to the document `Menu.UIExtensionSheet`; only three lines need to be changed." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-10-25T17:09:59.187Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v2rr-xw95-wcjx", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v2rr-xw95-wcjx" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/9e8f080094333dec63a8583229a3799208d773be", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/9e8f080094333dec63a8583229a3799208d773be" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20746", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20746" } ], "source": { "advisory": "GHSA-v2rr-xw95-wcjx", "discovery": "UNKNOWN" }, "title": "Privilege escalation (PR)/remote code execution from 
account through Menu.UIExtensionSheet" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-37909", "datePublished": "2023-10-25T17:09:59.187Z", "dateReserved": "2023-07-10T17:51:29.611Z", "dateUpdated": "2024-09-17T13:37:52.375Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32732
Vulnerability from cvelistv5
Published
2022-02-04 22:15
Modified
2024-08-03 23:33
Summary
### Impact

It's possible to know whether or not a user has an account in a wiki tied to an email address, and which username(s) are actually tied to that email, by forging a request to the Forgot username page. Note that since this page does not have a CSRF check it's quite easy to perform a lot of those requests.

### Patches

This issue has been patched in XWiki 12.10.5 and 13.2RC1. Two different patches are provided:
- a first one to fix the CSRF problem
- a more complex one that now relies on sending an email for the Forgot username process.

### Workarounds

It's possible to fix the problem without upgrading by editing the ForgotUsername page in versions below 13.x to use the following code: https://github.com/xwiki/xwiki-platform/blob/69548c0320cbd772540cf4668743e69f879812cf/xwiki-platform-core/xwiki-platform-administration/xwiki-platform-administration-ui/src/main/resources/XWiki/ForgotUsername.xml#L39-L123 In versions after 13.x it's also possible to manually edit the forgotusername.vm file, but upgrading is strongly encouraged here.

### References
* https://jira.xwiki.org/browse/XWIKI-18384
* https://jira.xwiki.org/browse/XWIKI-18408

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [Jira XWiki](https://jira.xwiki.org)
* Email us at [security ML](mailto:security@xwiki.org)
References
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vh5c-jqfg-mhrh | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/69548c0320cbd772540cf4668743e69f879812cf | x_refsource_MISC |
| https://github.com/xwiki/xwiki-platform/commit/f0440dfcbba705e03f7565cd88893dde57ca3fa8 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-18384 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-18408 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | < 12.10.5; >= 13.0, < 13.2RC1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:33:54.749Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vh5c-jqfg-mhrh" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/69548c0320cbd772540cf4668743e69f879812cf" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/f0440dfcbba705e03f7565cd88893dde57ca3fa8" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-18384" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-18408" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 12.10.5 " }, { "status": "affected", "version": "\u003e= 13.0, \u003c 13.2RC1" } ] } ], "descriptions": [ { "lang": "en", "value": "### Impact It\u0027s possible to know if a user has or not an account in a wiki related to an email address, and which username(s) is actually tied to that email by forging a request to the Forgot username page. Note that since this page does not have a CSRF check it\u0027s quite easy to perform a lot of those requests. ### Patches This issue has been patched in XWiki 12.10.5 and 13.2RC1. Two different patches are provided: - a first one to fix the CSRF problem - a more complex one that now relies on sending an email for the Forgot username process. 
### Workarounds It\u0027s possible to fix the problem without uprading by editing the ForgotUsername page in version below 13.x, to use the following code: https://github.com/xwiki/xwiki-platform/blob/69548c0320cbd772540cf4668743e69f879812cf/xwiki-platform-core/xwiki-platform-administration/xwiki-platform-administration-ui/src/main/resources/XWiki/ForgotUsername.xml#L39-L123 In version after 13.x it\u0027s also possible to edit manually the forgotusername.vm file, but it\u0027s really encouraged to upgrade the version here. ### References * https://jira.xwiki.org/browse/XWIKI-18384 * https://jira.xwiki.org/browse/XWIKI-18408 ### For more information If you have any questions or comments about this advisory: * Open an issue in [Jira XWiki](https://jira.xwiki.org) * Email us at [security ML](mailto:security@xwiki.org)" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-04T22:15:13", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vh5c-jqfg-mhrh" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/69548c0320cbd772540cf4668743e69f879812cf" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/f0440dfcbba705e03f7565cd88893dde57ca3fa8" }, { "tags": [ "x_refsource_MISC" ], "url": 
"https://jira.xwiki.org/browse/XWIKI-18384" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-18408" } ], "source": { "advisory": "GHSA-vh5c-jqfg-mhrh", "discovery": "UNKNOWN" }, "title": "Cross-Site Request Forgery in xwiki-platform", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32732", "STATE": "PUBLIC", "TITLE": "Cross-Site Request Forgery in xwiki-platform" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003c 12.10.5 " }, { "version_value": "\u003e= 13.0, \u003c 13.2RC1" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "### Impact It\u0027s possible to know if a user has or not an account in a wiki related to an email address, and which username(s) is actually tied to that email by forging a request to the Forgot username page. Note that since this page does not have a CSRF check it\u0027s quite easy to perform a lot of those requests. ### Patches This issue has been patched in XWiki 12.10.5 and 13.2RC1. Two different patches are provided: - a first one to fix the CSRF problem - a more complex one that now relies on sending an email for the Forgot username process. ### Workarounds It\u0027s possible to fix the problem without uprading by editing the ForgotUsername page in version below 13.x, to use the following code: https://github.com/xwiki/xwiki-platform/blob/69548c0320cbd772540cf4668743e69f879812cf/xwiki-platform-core/xwiki-platform-administration/xwiki-platform-administration-ui/src/main/resources/XWiki/ForgotUsername.xml#L39-L123 In version after 13.x it\u0027s also possible to edit manually the forgotusername.vm file, but it\u0027s really encouraged to upgrade the version here. 
### References * https://jira.xwiki.org/browse/XWIKI-18384 * https://jira.xwiki.org/browse/XWIKI-18408 ### For more information If you have any questions or comments about this advisory: * Open an issue in [Jira XWiki](https://jira.xwiki.org) * Email us at [security ML](mailto:security@xwiki.org)" } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-352: Cross-Site Request Forgery (CSRF)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vh5c-jqfg-mhrh", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vh5c-jqfg-mhrh" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/69548c0320cbd772540cf4668743e69f879812cf", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/69548c0320cbd772540cf4668743e69f879812cf" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/f0440dfcbba705e03f7565cd88893dde57ca3fa8", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/f0440dfcbba705e03f7565cd88893dde57ca3fa8" }, { "name": "https://jira.xwiki.org/browse/XWIKI-18384", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-18384" }, { "name": "https://jira.xwiki.org/browse/XWIKI-18408", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-18408" } ] }, "source": { "advisory": "GHSA-vh5c-jqfg-mhrh", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32732", 
"datePublished": "2022-02-04T22:15:13", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:33:54.749Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36096
Vulnerability from cvelistv5
Published
2022-09-08 20:30
Modified
2024-08-03 09:52
Summary
The XWiki Platform Index UI is an index of all pages, attachments, orphans and deleted pages and attachments for XWiki Platform, a generic wiki platform. Prior to versions 13.10.6 and 14.3, it's possible to store JavaScript which will be executed by anyone viewing the deleted attachments index, via an attachment containing JavaScript in its name. This issue has been patched in XWiki 13.10.6 and 14.3. As a workaround, fix the vulnerability by editing the wiki page `XWiki.DeletedAttachments` with the object editor, opening the `JavaScriptExtension` object and applying to its content the changes that can be found in the fix commit.
References
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gjmq-x5x7-wc36 | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/6705b0cd0289d1c90ed354bd4ecc1508c4b25745 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-19613 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | >= 2.2-milestone-1, < 13.10.6; >= 14.0, < 14.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:52:00.528Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gjmq-x5x7-wc36" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/6705b0cd0289d1c90ed354bd4ecc1508c4b25745" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19613" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 2.2-milestone-1, \u003c 13.10.6" }, { "status": "affected", "version": "\u003e= 14.0, \u003c 14.3" } ] } ], "descriptions": [ { "lang": "en", "value": "The XWiki Platform Index UI is an Index of all pages, attachments, orphans and deleted pages and attachments for XWiki Platform, a generic wiki platform. Prior to versions 13.10.6 and 14.3, it\u0027s possible to store JavaScript which will be executed by anyone viewing the deleted attachments index with an attachment containing javascript in its name. This issue has been patched in XWiki 13.10.6 and 14.3. As a workaround, modify fix the vulnerability by editing the wiki page `XWiki.DeletedAttachments` with the object editor, open the `JavaScriptExtension` object and apply on the content the changes that can be found on the fix commit." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-08T20:30:13", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gjmq-x5x7-wc36" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/6705b0cd0289d1c90ed354bd4ecc1508c4b25745" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19613" } ], "source": { "advisory": "GHSA-gjmq-x5x7-wc36", "discovery": "UNKNOWN" }, "title": "XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-36096", "STATE": "PUBLIC", "TITLE": "XWiki Platform vulnerable to Cross-site Scripting in the deleted attachments list" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e= 2.2-milestone-1, \u003c 13.10.6" }, { "version_value": "\u003e= 14.0, \u003c 14.3" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": 
"MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "The XWiki Platform Index UI is an Index of all pages, attachments, orphans and deleted pages and attachments for XWiki Platform, a generic wiki platform. Prior to versions 13.10.6 and 14.3, it\u0027s possible to store JavaScript which will be executed by anyone viewing the deleted attachments index with an attachment containing javascript in its name. This issue has been patched in XWiki 13.10.6 and 14.3. As a workaround, modify fix the vulnerability by editing the wiki page `XWiki.DeletedAttachments` with the object editor, open the `JavaScriptExtension` object and apply on the content the changes that can be found on the fix commit." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.9, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:L", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)" } ] }, { "description": [ { "lang": "eng", "value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gjmq-x5x7-wc36", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gjmq-x5x7-wc36" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/6705b0cd0289d1c90ed354bd4ecc1508c4b25745", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/6705b0cd0289d1c90ed354bd4ecc1508c4b25745" }, { "name": 
"https://jira.xwiki.org/browse/XWIKI-19613", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-19613" } ] }, "source": { "advisory": "GHSA-gjmq-x5x7-wc36", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-36096", "datePublished": "2022-09-08T20:30:13", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2024-08-03T09:52:00.528Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29509
Vulnerability from cvelistv5
Published
2023-04-16 07:04
Modified
2024-08-02 14:07
Summary
XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents can execute arbitrary Groovy, Python or Velocity code in XWiki, leading to full access to the XWiki installation. The root cause is improper escaping of the `documentTree` macro parameters in `FlamingoThemesCode.WebHome`. This macro is installed by default, and so is this page. The vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f4v8-58f6-mwj4 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/80d5be36f700adcd56b6c8eb3ed8b973f62ec0ae | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20279 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 7.2-rc-1, < 13.10.11; >= 14.0-rc-1, < 14.4.7; >= 14.5, < 14.10
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:07:46.294Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f4v8-58f6-mwj4", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f4v8-58f6-mwj4" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/80d5be36f700adcd56b6c8eb3ed8b973f62ec0ae", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/80d5be36f700adcd56b6c8eb3ed8b973f62ec0ae" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20279", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20279" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 7.2-rc-1, \u003c 13.10.11" }, { "status": "affected", "version": "\u003e= 14.0-rc-1, \u003c 14.4.7" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.10" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Commons are technical libraries common to several other top level XWiki projects. Any user with view rights on commonly accessible documents can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the `documentTree` macro parameters in This macro is installed by default in `FlamingoThemesCode.WebHome`. This page is installed by default. The vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-16T07:04:17.561Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f4v8-58f6-mwj4", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f4v8-58f6-mwj4" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/80d5be36f700adcd56b6c8eb3ed8b973f62ec0ae", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/80d5be36f700adcd56b6c8eb3ed8b973f62ec0ae" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20279", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20279" } ], "source": { "advisory": "GHSA-f4v8-58f6-mwj4", "discovery": "UNKNOWN" }, "title": "org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29509", "datePublished": "2023-04-16T07:04:17.561Z", "dateReserved": "2023-04-07T18:56:54.626Z", "dateUpdated": "2024-08-02T14:07:46.294Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26473
Vulnerability from cvelistv5
Published
2023-03-02 18:17
Modified
2024-08-02 11:53
Summary
XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select queries and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulnerability other than upgrading.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vpx4-7rfp-h545 | x_refsource_CONFIRM
https://jira.xwiki.org/browse/XWIKI-19523 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 1.3-rc-1, < 13.10.11; >= 14.0, < 14.4.7; >= 14.5, < 14.10
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:53:52.768Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vpx4-7rfp-h545", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vpx4-7rfp-h545" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19523", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19523" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 1.3-rc-1, \u003c 13.10.11" }, { "status": "affected", "version": "\u003e= 14.0, \u003c 14.4.7" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.10" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulnerability other than upgrading." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-02T18:17:09.152Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vpx4-7rfp-h545", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vpx4-7rfp-h545" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19523", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19523" } ], "source": { "advisory": "GHSA-vpx4-7rfp-h545", "discovery": "UNKNOWN" }, "title": "XWiki Platform allows unprivileged users to make arbitrary select queries using DatabaseListProperty and suggest.vm" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-26473", "datePublished": "2023-03-02T18:17:09.152Z", "dateReserved": "2023-02-23T23:22:58.573Z", "dateUpdated": "2024-08-02T11:53:52.768Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-21379
Vulnerability from cvelistv5
Published
2021-03-12 17:30
Modified
2024-08-03 18:09
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform, the `{{wikimacrocontent}}` macro executes the content with the rights of the wiki macro author instead of the caller of that wiki macro. This makes it possible to inject scripts through it, and they will be executed with the rights of the wiki macro author (very often a user who has Programming rights). Fortunately, no such macro exists by default in XWiki Standard, but one could have been created or installed with an extension. This vulnerability has been patched in XWiki versions 12.6.3, 11.10.11 and 12.8-rc-1. There is no easy workaround other than disabling the affected macros. Inserting content in a safe way or knowing which user called the wiki macro is not easy.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v662-xpcc-9xf6 | x_refsource_CONFIRM
https://jira.xwiki.org/browse/XWIKI-17759 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 11.4.0, < 11.10.11; >= 12.0.0, < 12.6.3; >= 12.7.0, < 12.8-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T18:09:15.922Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v662-xpcc-9xf6" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-17759" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 11.4.0, \u003c 11.10.11" }, { "status": "affected", "version": "\u003e= 12.0.0, \u003c 12.6.3" }, { "status": "affected", "version": "\u003e= 12.7.0, \u003c 12.8-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform, the `{{wikimacrocontent}}` executes the content with the rights of the wiki macro author instead of the caller of that wiki macro. This makes possible to inject scripts through it and they will be executed with the rights of the wiki macro (very often a user which has Programming rights). Fortunately, no such macro exists by default in XWiki Standard but one could have been created or installed with an extension. This vulnerability has been patched in versions XWiki 12.6.3, 11.10.11 and 12.8-rc-1. There is no easy workaround other than disabling the affected macros. Inserting content in a safe way or knowing what is the user who called the wiki macro is not easy." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-281", "description": "CWE-281 Improper Preservation of Permissions", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-03-12T17:30:15", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v662-xpcc-9xf6" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-17759" } ], "source": { "advisory": "GHSA-v662-xpcc-9xf6", "discovery": "UNKNOWN" }, "title": "It\u0027s possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-21379", "STATE": "PUBLIC", "TITLE": "It\u0027s possible to execute anything with the rights of the author of a macro which uses the {{wikimacrocontent}} macro" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e= 11.4.0, \u003c 11.10.11" }, { "version_value": "\u003e= 12.0.0, \u003c 12.6.3" }, { "version_value": "\u003e= 12.7.0, \u003c 12.8-rc-1" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. 
In affected versions of XWiki Platform, the `{{wikimacrocontent}}` executes the content with the rights of the wiki macro author instead of the caller of that wiki macro. This makes possible to inject scripts through it and they will be executed with the rights of the wiki macro (very often a user which has Programming rights). Fortunately, no such macro exists by default in XWiki Standard but one could have been created or installed with an extension. This vulnerability has been patched in versions XWiki 12.6.3, 11.10.11 and 12.8-rc-1. There is no easy workaround other than disabling the affected macros. Inserting content in a safe way or knowing what is the user who called the wiki macro is not easy." } ] }, "impact": { "cvss": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-281 Improper Preservation of Permissions" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v662-xpcc-9xf6", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v662-xpcc-9xf6" }, { "name": "https://jira.xwiki.org/browse/XWIKI-17759", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-17759" } ] }, "source": { "advisory": "GHSA-v662-xpcc-9xf6", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-21379", "datePublished": "2021-03-12T17:30:15", "dateReserved": "2020-12-22T00:00:00", "dateUpdated": "2024-08-03T18:09:15.922Z", "state": "PUBLISHED" }, "dataType": 
"CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32621
Vulnerability from cvelistv5
Published
2021-05-28 21:05
Modified
2024-08-03 23:25
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 12.6.7 and 12.10.3, a user without Script or Programming right is able to execute scripts requiring privileges by editing gadget titles in the dashboard. The issue has been patched in XWiki 12.6.7, 12.10.3 and 13.0RC1.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h353-hc43-95vc | x_refsource_CONFIRM
https://jira.xwiki.org/browse/XWIKI-17794 | x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/bb7068bd911f91e5511f3cfb03276c7ac81100bc | x_refsource_MISC
https://jay-from-future.github.io/cve/2021/06/17/xwiki-rce-cve.html | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | < 12.6.7; >= 12.10.0, < 12.10.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:25:30.541Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h353-hc43-95vc" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-17794" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/bb7068bd911f91e5511f3cfb03276c7ac81100bc" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jay-from-future.github.io/cve/2021/06/17/xwiki-rce-cve.html" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 12.6.7" }, { "status": "affected", "version": "\u003e= 12.10.0, \u003c 12.10.3" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 12.6.7 and 12.10.3, a user without Script or Programming right is able to execute script requiring privileges by editing gadget titles in the dashboard. The issue has been patched in XWiki 12.6.7, 12.10.3 and 13.0RC1." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-25T13:14:46", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h353-hc43-95vc" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-17794" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/bb7068bd911f91e5511f3cfb03276c7ac81100bc" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jay-from-future.github.io/cve/2021/06/17/xwiki-rce-cve.html" } ], "source": { "advisory": "GHSA-h353-hc43-95vc", "discovery": "UNKNOWN" }, "title": "Script injection without script or programming rights through Gadget titles", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32621", "STATE": "PUBLIC", "TITLE": "Script injection without script or programming rights through Gadget titles" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003c 12.6.7" }, { "version_value": "\u003e= 12.10.0, \u003c 12.10.3" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki 
Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 12.6.7 and 12.10.3, a user without Script or Programming right is able to execute script requiring privileges by editing gadget titles in the dashboard. The issue has been patched in XWiki 12.6.7, 12.10.3 and 13.0RC1." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h353-hc43-95vc", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h353-hc43-95vc" }, { "name": "https://jira.xwiki.org/browse/XWIKI-17794", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-17794" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/bb7068bd911f91e5511f3cfb03276c7ac81100bc", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/bb7068bd911f91e5511f3cfb03276c7ac81100bc" }, { "name": "https://jay-from-future.github.io/cve/2021/06/17/xwiki-rce-cve.html", "refsource": "MISC", "url": "https://jay-from-future.github.io/cve/2021/06/17/xwiki-rce-cve.html" } ] }, "source": { "advisory": "GHSA-h353-hc43-95vc", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32621", "datePublished": "2021-05-28T21:05:11", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": 
"2024-08-03T23:25:30.541Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-34464
Vulnerability from cvelistv5
Published
2023-06-23 14:44
Modified
2024-12-05 16:04
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.2.1 until versions 14.4.8, 14.10.5, and 15.1RC1 of org.xwiki.platform:xwiki-platform-web and any version prior to 14.4.8, 14.10.5, and 15.1RC1 of org.xwiki.platform:xwiki-platform-web-templates, any user who can edit a document in the wiki, such as their user profile, can create a stored cross-site scripting attack. The attack occurs by putting plain HTML code into that document and then tricking another user into visiting that document with the `displaycontent` or `rendercontent` template and plain output syntax. If a user with programming rights is tricked into visiting such a URL, arbitrary actions can be performed with this user's rights, impacting the confidentiality, integrity, and availability of the whole XWiki installation. This has been patched in XWiki 14.4.8, 14.10.5 and 15.1RC1 by setting the content type of the response to plain text when the output syntax is not an HTML syntax.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fp7h-f9f5-x4q7 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/53e8292a31ec70fba5e1d705a4ac443658b9e6df | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20290 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | org.xwiki.platform:xwiki-platform-web >= 2.2.1, < 14.4.8; org.xwiki.platform:xwiki-platform-web-templates < 14.4.8; org.xwiki.platform:xwiki-platform-web-templates >= 14.5, < 14.10.5; org.xwiki.platform:xwiki-platform-web-templates >= 15.0-rc-1, < 15.1-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:10:07.282Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fp7h-f9f5-x4q7", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fp7h-f9f5-x4q7" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/53e8292a31ec70fba5e1d705a4ac443658b9e6df", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/53e8292a31ec70fba5e1d705a4ac443658b9e6df" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20290", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20290" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-34464", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-05T16:04:11.011700Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-05T16:04:28.946Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "org.xwiki.platform:xwiki-platform-web \u003e= 2.2.1, \u003c 14.4.8" }, { "status": "affected", "version": "org.xwiki.platform:xwiki-platform-web-templates \u003c 14.4.8" }, { "status": "affected", "version": "org.xwiki.platform:xwiki-platform-web-templates \u003e= 14.5, \u003c 14.10.5" }, { "status": "affected", "version": "org.xwiki.platform:xwiki-platform-web-templates \u003e= 15.0-rc-1, \u003c 15.1-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications 
built on top of it. Starting in version 2.2.1 until versions 14.4.8, 14.10.5, and 15.1RC1 of org.xwiki.platform:xwiki-platform-web and any version prior to 14.4.8, 14.10.5, and 15.1.RC1 of org.xwiki.platform:xwiki-platform-web-templates, any user who can edit a document in a wiki like the user profile can create a stored cross-site scripting attack. The attack occurs by putting plain HTML code into that document and then tricking another user to visit that document with the `displaycontent` or `rendercontent` template and plain output syntax. If a user with programming rights is tricked into visiting such a URL, arbitrary actions be performed with this user\u0027s rights, impacting the confidentiality, integrity, and availability of the whole XWiki installation. This has been patched in XWiki 14.4.8, 14.10.5 and 15.1RC1 by setting the content type of the response to plain text when the output syntax is not an HTML syntax." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-23T14:44:47.064Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fp7h-f9f5-x4q7", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fp7h-f9f5-x4q7" }, { "name": 
"https://github.com/xwiki/xwiki-platform/commit/53e8292a31ec70fba5e1d705a4ac443658b9e6df", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/53e8292a31ec70fba5e1d705a4ac443658b9e6df" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20290", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20290" } ], "source": { "advisory": "GHSA-fp7h-f9f5-x4q7", "discovery": "UNKNOWN" }, "title": "XWiki vulnerable to stored cross-site scripting via any wiki document and the displaycontent/rendercontent template" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-34464", "datePublished": "2023-06-23T14:44:47.064Z", "dateReserved": "2023-06-06T16:16:53.560Z", "dateUpdated": "2024-12-05T16:04:28.946Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-46244
Vulnerability from cvelistv5
Published
2023-11-07 19:04
Modified
2024-09-12 19:13
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for a user to write a script in which any Velocity content is executed with the rights of any other document's content author. Since this API requires programming right and the user does not have it, the expected result is `$doc.document.authors.contentAuthor` (the script not being executed); unfortunately, with the security vulnerability it is possible for the attacker to get `XWiki.superadmin`, which shows that the title was executed with the rights of the unmodified document. This has been patched in XWiki versions 14.10.7 and 15.2RC1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-rmxw-c48h-2vf5 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/11a9170dfe63e59f4066db67f84dbfce4ed619c6 | x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/41d7dca2d30084966ca6a7ee537f39ee8354a7e3 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20624 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20625 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 3.2-milestone-3, < 14.10.7
cve-2020-15252
Vulnerability from cvelistv5
Published
2020-10-16 16:55
Modified
2024-08-04 13:08
Severity
8.5 HIGH (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H)
Problem type
CWE-94: Improper Control of Generation of Code ('Code Injection')
Summary
In XWiki before versions 12.5 and 11.10.6, any user with SCRIPT right (EDIT right before XWiki 7.4) can gain access to the application server Servlet context, which contains tools allowing arbitrary Java objects to be instantiated and methods to be invoked, which may lead to arbitrary code execution. This is patched in XWiki 12.5 and XWiki 11.10.6.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5hv6-mh8q-q9v8 | x_refsource_CONFIRM
https://jira.xwiki.org/browse/XWIKI-17141 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-17423 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 12.0, < 12.5; < 11.10.6
cve-2023-37913
Vulnerability from cvelistv5
Published
2023-10-25 17:59
Modified
2024-09-12 20:46
Severity
10 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H)
Problem type
CWE-23: Relative Path Traversal; CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 3.5-milestone-1 and prior to versions 14.10.8 and 15.3-rc-1, triggering the office converter with a specially crafted file name allows writing the attachment's content to an attacker-controlled location on the server, as long as the Java process has write access to that location. In particular, in combination with attachment moving, a feature introduced in XWiki 14.0, this is easy to reproduce, but it is also possible to reproduce in versions as old as XWiki 3.5 by uploading the attachment through the REST API, which doesn't remove `/` or `\` from the filename. As the MIME type of the attachment doesn't matter for the exploitation, this could, e.g., be used to replace the `jar` file of an extension, which would allow executing arbitrary Java code and thus impact the confidentiality, integrity and availability of the XWiki installation. This vulnerability has been patched in XWiki 14.10.8 and 15.3RC1. There are no known workarounds apart from disabling the office converter.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vcvr-v426-3m3m | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/45d182a4141ff22f3ff289cf71e4669bdc714544 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20715 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 3.5-milestone-1, < 14.10.8; >= 15.0-rc-1, < 15.3-rc-1
cve-2023-50719
Vulnerability from cvelistv5
Published
2023-12-15 19:02
Modified
2024-10-08 14:15
Severity
7.5 HIGH (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N)
Problem type
CWE-359: Exposure of Private Personal Information to an Unauthorized Actor; CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
Summary
XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. This vulnerability also affects any configurations used by extensions that contain passwords, such as API keys, which become viewable to the attacker. Normally, such passwords aren't accessible, but this vulnerability discloses them as plain text. This has been patched in XWiki 14.10.15, 15.5.2 and 15.7RC1. There are no known workarounds for this vulnerability.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p6cp-6r35-32mh | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21208 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 7.2-milestone-2, < 14.10.15; >= 15.0-rc-1, < 15.5.2; >= 15.6-rc-1, < 15.7-rc-1
cve-2024-43401
Vulnerability from cvelistv5
Published
2024-08-19 16:24
Modified
2024-08-21 14:23
Severity
9.1 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Problem type
CWE-269: Improper Privilege Management
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user without script/programming right can trick a user with elevated rights into editing content containing a malicious payload using a WYSIWYG editor. The user with elevated rights is not warned beforehand that they are about to edit possibly dangerous content. The payload is executed at edit time. This vulnerability has been patched in XWiki 15.10RC1.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f963-4cq8-2gw7 | x_refsource_CONFIRM
https://jira.xwiki.org/browse/XWIKI-20331 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21311 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21481 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21482 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21483 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21484 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21485 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21486 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21487 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21488 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21489 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21490 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | < 15.10-rc-1
cve-2023-35162
Vulnerability from cvelistv5
Published
2023-06-23 18:52
Modified
2024-11-29 14:25
Severity
9.7 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
Problem type
CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload allowing them to inject JavaScript into the page (XSS). It's possible to exploit the previewactions template to perform an XSS, e.g. by using a URL such as: <hostname>/xwiki/bin/get/FlamingoThemes/Cerulean xpage=xpart&vm=previewactions.vm&xcontinue=javascript:alert(document.domain). This vulnerability has existed since XWiki 6.1-rc-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-q9hg-9qj2-mxf9 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/9f01166b1a8ee9639666099eb5040302df067e4d | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20342 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20583 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 6.1-rc-1, < 14.10.5; >= 15.0-rc-1, < 15.1-rc-1
cve-2023-29510
Vulnerability from cvelistv5
Published
2023-04-18 23:42
Modified
2024-08-02 14:07
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In XWiki, every user can add translations that are applied only to the current user. This also allows overriding existing translations. Such translations are often included in privileged contexts without any escaping, which allows remote code execution for any user who has edit access on at least one document, which could be the user's own profile, where edit access is enabled by default. A mitigation for this vulnerability is part of XWiki 14.10.2 and XWiki 15.0 RC1: translations with user scope now require script right. This means that regular users can no longer exploit this, since users no longer have script right by default starting with XWiki 14.10. There are no known workarounds apart from upgrading to a patched version.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4v38-964c-xjmw | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/d06ff8a58480abc7f63eb1d4b8b366024d990643 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-19749 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | < 14.10.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:07:46.409Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4v38-964c-xjmw", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4v38-964c-xjmw" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/d06ff8a58480abc7f63eb1d4b8b366024d990643", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/d06ff8a58480abc7f63eb1d4b8b366024d990643" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19749", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19749" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 14.10.2" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In XWiki, every user can add translations that are only applied to the current user. This also allows overriding existing translations. Such translations are often included in privileged contexts without any escaping which allows remote code execution for any user who has edit access on at least one document which could be the user\u0027s own profile where edit access is enabled by default. A mitigation for this vulnerability is part of XWiki 14.10.2 and XWiki 15.0 RC1: translations with user scope now require script right. This means that regular users cannot exploit this anymore as users don\u0027t have script right by default anymore starting with XWiki 14.10. There are no known workarounds apart from upgrading to a patched versions." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T23:42:44.396Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4v38-964c-xjmw", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4v38-964c-xjmw" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/d06ff8a58480abc7f63eb1d4b8b366024d990643", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/d06ff8a58480abc7f63eb1d4b8b366024d990643" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19749", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19749" } ], "source": { "advisory": "GHSA-4v38-964c-xjmw", "discovery": "UNKNOWN" }, "title": "Code injection via unescaped translations in xwiki-platform" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29510", "datePublished": "2023-04-18T23:42:44.396Z", "dateReserved": "2023-04-07T18:56:54.626Z", "dateUpdated": "2024-08-02T14:07:46.409Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29523
Vulnerability from cvelistv5
Published
2023-04-18 23:09
Modified
2024-08-02 14:07
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The same vulnerability can also be exploited in other contexts where the `display` method on a document is used to display a field with wiki syntax, for example in applications created using `App Within Minutes`. This has been patched in XWiki 13.10.11, 14.4.8, 14.10.2 and 15.0RC1. There is no workaround apart from upgrading.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x764-ff8r-9hpx | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/0d547181389f7941e53291af940966413823f61c | x_refsource_MISC
https://extensions.xwiki.org/xwiki/bin/view/Extension/App%20Within%20Minutes%20Application | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20327 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 3.3-milestone-1, < 13.10.11
xwiki | xwiki-platform | >= 14.0-rc-1, < 14.4.8
xwiki | xwiki-platform | >= 14.5, < 14.10.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:07:46.224Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x764-ff8r-9hpx", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x764-ff8r-9hpx" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/0d547181389f7941e53291af940966413823f61c", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/0d547181389f7941e53291af940966413823f61c" }, { "name": "https://extensions.xwiki.org/xwiki/bin/view/Extension/App%20Within%20Minutes%20Application", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://extensions.xwiki.org/xwiki/bin/view/Extension/App%20Within%20Minutes%20Application" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20327", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20327" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 3.3-milestone-1, \u003c 13.10.11" }, { "status": "affected", "version": "\u003e= 14.0-rc-1, \u003c 14.4.8" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.10.1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can edit their own user profile can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. 
The same vulnerability can also be exploited in other contexts where the `display` method on a document is used to display a field with wiki syntax, for example in applications created using `App Within Minutes`. This has been patched in XWiki 13.10.11, 14.4.8, 14.10.2 and 15.0RC1. There is no workaround apart from upgrading." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T23:09:46.711Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x764-ff8r-9hpx", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x764-ff8r-9hpx" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/0d547181389f7941e53291af940966413823f61c", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/0d547181389f7941e53291af940966413823f61c" }, { "name": "https://extensions.xwiki.org/xwiki/bin/view/Extension/App%20Within%20Minutes%20Application", "tags": [ "x_refsource_MISC" ], "url": "https://extensions.xwiki.org/xwiki/bin/view/Extension/App%20Within%20Minutes%20Application" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20327", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20327" } ], "source": { "advisory": "GHSA-x764-ff8r-9hpx", "discovery": 
"UNKNOWN" }, "title": "Code injection in display method used in user profiles in xwiki-platform" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29523", "datePublished": "2023-04-18T23:09:46.711Z", "dateReserved": "2023-04-07T18:56:54.629Z", "dateUpdated": "2024-08-02T14:07:46.224Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35156
Vulnerability from cvelistv5
Published
2023-06-23 18:19
Modified
2024-11-27 20:12
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload that injects JavaScript into the page (XSS). It is possible to exploit the delete template to perform an XSS, e.g. by using a URL such as `xwiki/bin/get/FlamingoThemes/Cerulean?xpage=xpart&vm=delete.vm&xredirect=javascript:alert(document.domain)`. This vulnerability has existed since XWiki 6.0-rc-1. It has been patched in XWiki 14.10.6 and 15.1. Note that a partial patch was provided in 14.10.5 but was not enough to entirely fix the vulnerability.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-834c-x29c-f42c | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/13875a6437d4525ac4aeea25918f2d2dffac9ee1 | x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/24ec12890ac7fa6daec8d0b3435cfcba11362fd5 | x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/e80d22d193df364b07bab7925572720f91a8984a | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20341 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20583 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20672 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 6.0-rc-1, < 14.10.6
xwiki | xwiki-platform | >= 15.0-rc-0, < 15.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:23:59.439Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-834c-x29c-f42c", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-834c-x29c-f42c" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/13875a6437d4525ac4aeea25918f2d2dffac9ee1", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/13875a6437d4525ac4aeea25918f2d2dffac9ee1" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/24ec12890ac7fa6daec8d0b3435cfcba11362fd5", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/24ec12890ac7fa6daec8d0b3435cfcba11362fd5" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/e80d22d193df364b07bab7925572720f91a8984a", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/e80d22d193df364b07bab7925572720f91a8984a" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20341", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20341" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20583", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20583" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20672", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20672" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35156", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-27T20:12:08.365657Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": 
"2024-11-27T20:12:17.092Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 6.0-rc-1, \u003c 14.10.6" }, { "status": "affected", "version": "\u003e= 15.0-rc-0, \u003c 15.1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). It\u0027s possible to exploit the delete template to perform a XSS, e.g. by using URL such as: \u003e xwiki/bin/get/FlamingoThemes/Cerulean?xpage=xpart\u0026vm=delete.vm\u0026xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 6.0-rc-1. The vulnerability has been patched in XWiki 14.10.6 and 15.1. Note that a partial patch has been provided in 14.10.5 but wasn\u0027t enough to entirely fix the vulnerability. 
\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.7, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-87", "description": "CWE-87: Improper Neutralization of Alternate XSS Syntax", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-23T18:19:56.802Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-834c-x29c-f42c", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-834c-x29c-f42c" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/13875a6437d4525ac4aeea25918f2d2dffac9ee1", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/13875a6437d4525ac4aeea25918f2d2dffac9ee1" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/24ec12890ac7fa6daec8d0b3435cfcba11362fd5", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/24ec12890ac7fa6daec8d0b3435cfcba11362fd5" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/e80d22d193df364b07bab7925572720f91a8984a", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/e80d22d193df364b07bab7925572720f91a8984a" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20341", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20341" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20583", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20583" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20672", "tags": [ 
"x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20672" } ], "source": { "advisory": "GHSA-834c-x29c-f42c", "discovery": "UNKNOWN" }, "title": "XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in delete template" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-35156", "datePublished": "2023-06-23T18:19:56.802Z", "dateReserved": "2023-06-14T14:17:52.178Z", "dateUpdated": "2024-11-27T20:12:17.092Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-31464
Vulnerability from cvelistv5
Published
2024-04-10 18:14
Modified
2024-08-13 13:37
Summary
XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.19, 15.5.4, and 15.9-rc-1, it is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability, an attacker who has rights to edit a user's page can access that user's password hash. With the default right scheme in XWiki this vulnerability is normally prevented on user profiles, except for users with Admin rights. Note that this vulnerability also impacts any extensions that might use passwords stored in xobjects: for those use cases it depends on the rights of those pages. There is currently no way to be 100% sure that this vulnerability has been exploited, as an attacker with enough privilege could have deleted the revision where the xobject was deleted after rolling back the deletion. But again, this operation requires high privileges on the target page (Admin right). A page with a user password xobject which has in its history a revision where the object has been deleted should be considered at risk, and the password should be changed there. a diff, to ensure it's not coming from a password field. As another mitigation, admins should ensure that user pages are properly protected: the edit right should not be allowed for users other than Admin and the owner of the profile (which is the default right). There is not much workaround possible for a privileged user other than upgrading XWiki.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v782-xr4w-3vqx | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/9075668a4135cce114ef2a4b72eba3161a9e94c4 | x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/955fb097e02a2a7153f527522ee9eef42447e5d7 | x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/f1eaec1e512220fabd970d053c627e435a1652cf | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-19948 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 5.0-rc-1, < 14.10.19
xwiki | xwiki-platform | >= 15.0-rc-1, < 15.5.4
xwiki | xwiki-platform | >= 15.6-rc-1, < 15.9-rc-1
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki", "vendor": "xwiki", "versions": [ { "lessThan": "14.10.19", "status": "affected", "version": "5.0-rc-1", "versionType": "custom" }, { "lessThan": "15.5.4", "status": "affected", "version": "15.0-rc-1", "versionType": "custom" }, { "lessThan": "15.9-rc-1", "status": "affected", "version": "15.6-rc-1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-31464", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-04-12T16:30:17.288017Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-08-13T13:37:19.841Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:52:57.144Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v782-xr4w-3vqx", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v782-xr4w-3vqx" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/9075668a4135cce114ef2a4b72eba3161a9e94c4", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/9075668a4135cce114ef2a4b72eba3161a9e94c4" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/955fb097e02a2a7153f527522ee9eef42447e5d7", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/955fb097e02a2a7153f527522ee9eef42447e5d7" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/f1eaec1e512220fabd970d053c627e435a1652cf", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": 
"https://github.com/xwiki/xwiki-platform/commit/f1eaec1e512220fabd970d053c627e435a1652cf" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19948", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19948" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 5.0-rc-1, \u003c 14.10.19" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.5.4" }, { "status": "affected", "version": "\u003e= 15.6-rc-1, \u003c 15.9-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.19, 15.5.4, and 15.9-rc-1, it is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it\u0027s possible for an attacker to have access to the hash password of a user if they have rights to edit the users\u0027 page. With the default right scheme in XWiki this vulnerability is normally prevented on user profiles, except by users with Admin rights. Note that this vulnerability also impacts any extensions that might use passwords stored in xobjects: for those usecases it depends on the right of those pages. There is currently no way to be 100% sure that this vulnerability has been exploited, as an attacker with enough privilege could have deleted the revision where the xobject was deleted after rolling-back the deletion. But again, this operation requires high privileges on the target page (Admin right). A page with a user password xobject which have in its history a revision where the object has been deleted should be considered at risk and the password should be changed there. a diff, to ensure it\u0027s not coming from a password field. 
As another mitigation, admins should ensure that the user pages are properly protected: the edit right shouldn\u0027t be allowed for other users than Admin and owner of the profile (which is the default right). There is not much workaround possible for a privileged user other than upgrading XWiki." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-10T18:14:37.224Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v782-xr4w-3vqx", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v782-xr4w-3vqx" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/9075668a4135cce114ef2a4b72eba3161a9e94c4", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/9075668a4135cce114ef2a4b72eba3161a9e94c4" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/955fb097e02a2a7153f527522ee9eef42447e5d7", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/955fb097e02a2a7153f527522ee9eef42447e5d7" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/f1eaec1e512220fabd970d053c627e435a1652cf", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/f1eaec1e512220fabd970d053c627e435a1652cf" }, { "name": 
"https://jira.xwiki.org/browse/XWIKI-19948", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19948" } ], "source": { "advisory": "GHSA-v782-xr4w-3vqx", "discovery": "UNKNOWN" }, "title": "XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-31464", "datePublished": "2024-04-10T18:14:37.224Z", "dateReserved": "2024-04-03T17:55:32.647Z", "dateUpdated": "2024-08-13T13:37:19.841Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-31986
Vulnerability from cvelistv5
Published
2024-04-10 20:27
Modified
2024-08-02 01:59
Summary
XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted document reference and an `XWiki.SchedulerJobClass` XObject, it is possible to execute arbitrary code on the server whenever an admin visits the scheduler page or the scheduler page is referenced, e.g., via an image in a comment on a page in the wiki. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, apply the patch manually by modifying the `Scheduler.WebHome` page.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-37m4-hqxv-w26g | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/8a92cb4bef7e5f244ae81eed3e64fe9be95827cf | x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/efd3570f3e5e944ec0ad0899bf799bf9563aef87 | x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/f30d9c641750a3f034b5910c6a3a7724ae8f2269 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21416 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 3.1, < 14.10.19
xwiki | xwiki-platform | >= 15.0-rc-1, < 15.5.4
xwiki | xwiki-platform | >= 15.6-rc-1, < 15.9
{ "containers": { "adp": [ { "affected": [ { "cpes": [ "cpe:2.3:a:xwiki:xwiki:3.1:-:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki", "vendor": "xwiki", "versions": [ { "lessThan": "14.10.19", "status": "affected", "version": "3.1", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:xwiki:xwiki:15.0:rc1:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki", "vendor": "xwiki", "versions": [ { "lessThan": "15.5.4", "status": "affected", "version": "15.0", "versionType": "custom" } ] }, { "cpes": [ "cpe:2.3:a:xwiki:xwiki:15.6:rc1:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki", "vendor": "xwiki", "versions": [ { "lessThan": "15.9", "status": "affected", "version": "15.6", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2024-31986", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-07-19T14:43:39.388902Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-19T21:06:21.946Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" }, { "providerMetadata": { "dateUpdated": "2024-08-02T01:59:50.842Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-37m4-hqxv-w26g", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-37m4-hqxv-w26g" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/8a92cb4bef7e5f244ae81eed3e64fe9be95827cf", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/8a92cb4bef7e5f244ae81eed3e64fe9be95827cf" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/efd3570f3e5e944ec0ad0899bf799bf9563aef87", "tags": [ "x_refsource_MISC", "x_transferred" ], 
"url": "https://github.com/xwiki/xwiki-platform/commit/efd3570f3e5e944ec0ad0899bf799bf9563aef87" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/f30d9c641750a3f034b5910c6a3a7724ae8f2269", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/f30d9c641750a3f034b5910c6a3a7724ae8f2269" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21416", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-21416" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 3.1, \u003c 14.10.19" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.5.4" }, { "status": "affected", "version": "\u003e= 15.6-rc-1, \u003c 15.9" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a special crafted documented reference and an `XWiki.SchedulerJobClass` XObject, it is possible to execute arbitrary code on the server whenever an admin visits the scheduler page or the scheduler page is referenced, e.g., via an image in a comment on a page in the wiki. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, apply the patch manually by modifying the `Scheduler.WebHome` page." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-04-10T20:27:29.600Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-37m4-hqxv-w26g", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-37m4-hqxv-w26g" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/8a92cb4bef7e5f244ae81eed3e64fe9be95827cf", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/8a92cb4bef7e5f244ae81eed3e64fe9be95827cf" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/efd3570f3e5e944ec0ad0899bf799bf9563aef87", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/efd3570f3e5e944ec0ad0899bf799bf9563aef87" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/f30d9c641750a3f034b5910c6a3a7724ae8f2269", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/f30d9c641750a3f034b5910c6a3a7724ae8f2269" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21416", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-21416" } ], "source": { "advisory": 
"GHSA-37m4-hqxv-w26g", "discovery": "UNKNOWN" }, "title": "XWiki Platform CSRF remote code execution through scheduler job\u0027s document reference" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-31986", "datePublished": "2024-04-10T20:27:29.600Z", "dateReserved": "2024-04-08T13:48:37.490Z", "dateUpdated": "2024-08-02T01:59:50.842Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2021-32620
Vulnerability from cvelistv5
Published: 2021-05-28 21:05
Modified: 2024-08-03 23:25
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 11.10.13, 12.6.7, and 12.10.2, a user disabled on a wiki using email verification for registration could re-activate themselves by using the activation link provided for their registration. The problem has been patched in the following versions of XWiki: 11.10.13, 12.6.7, 12.10.2, 13.0. It is possible to work around the issue by resetting the `validkey` property of the disabled XWiki users. This can be done by editing the user profile with the object editor.
References
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-76mp-659p-rw65 | x_refsource_CONFIRM |
| https://jira.xwiki.org/browse/XWIKI-17942 | x_refsource_MISC |
| https://github.com/xwiki/xwiki-platform/commit/f9a677408ffb06f309be46ef9d8df1915d9099a4 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | < 11.10.13; >= 12.6.0, < 12.6.7; >= 12.10.0, < 12.10.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T23:25:30.545Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-76mp-659p-rw65" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-17942" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/f9a677408ffb06f309be46ef9d8df1915d9099a4" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 11.10.13" }, { "status": "affected", "version": "\u003e= 12.6.0, \u003c 12.6.7" }, { "status": "affected", "version": "\u003e= 12.10.0, \u003c 12.10.2" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 11.10.13, 12.6.7, and 12.10.2, a user disabled on a wiki using email verification for registration canouldre-activate themself by using the activation link provided for his registration. The problem has been patched in the following versions of XWiki: 11.10.13, 12.6.7, 12.10.2, 13.0. It is possible to workaround the issue by resetting the `validkey` property of the disabled XWiki users. This can be done by editing the user profile with object editor." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-285", "description": "CWE-285: Improper Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2021-06-07T11:11:22", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-76mp-659p-rw65" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-17942" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/f9a677408ffb06f309be46ef9d8df1915d9099a4" } ], "source": { "advisory": "GHSA-76mp-659p-rw65", "discovery": "UNKNOWN" }, "title": "Users registered with email verification can self re-activate their disabled accounts", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-32620", "STATE": "PUBLIC", "TITLE": "Users registered with email verification can self re-activate their disabled accounts" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003c 11.10.13" }, { "version_value": "\u003e= 12.6.0, \u003c 12.6.7" }, { "version_value": "\u003e= 12.10.0, \u003c 12.10.2" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on 
top of it. In versions prior to 11.10.13, 12.6.7, and 12.10.2, a user disabled on a wiki using email verification for registration canouldre-activate themself by using the activation link provided for his registration. The problem has been patched in the following versions of XWiki: 11.10.13, 12.6.7, 12.10.2, 13.0. It is possible to workaround the issue by resetting the `validkey` property of the disabled XWiki users. This can be done by editing the user profile with object editor." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-285: Improper Authorization" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-76mp-659p-rw65", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-76mp-659p-rw65" }, { "name": "https://jira.xwiki.org/browse/XWIKI-17942", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-17942" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/f9a677408ffb06f309be46ef9d8df1915d9099a4", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/f9a677408ffb06f309be46ef9d8df1915d9099a4" } ] }, "source": { "advisory": "GHSA-76mp-659p-rw65", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-32620", "datePublished": "2021-05-28T21:05:15", "dateReserved": "2021-05-12T00:00:00", "dateUpdated": "2024-08-03T23:25:30.545Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": 
"5.1" }
cve-2022-29251
Vulnerability from cvelistv5
Published: 2022-05-25 20:55
Modified: 2024-08-03 06:17
Summary
XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. Starting with versions 6.2.4 and 6.3-rc-1, a possible cross-site scripting vector is present in the `FlamingoThemesCode.WebHomeSheet` wiki page related to the "newThemeName" form field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available workaround is to edit the wiki page `FlamingoThemesCode.WebHomeSheet` (with wiki editor) according to the suggestion provided in the GitHub Security Advisory.
References
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vmhh-xh3g-j992 | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/bd935320bee3c27cf7548351b1d0f935f116d437 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-19294 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | >= 6.2.4, < 12.10.11; >= 13.0, < 13.4.7; >= 13.5, < 13.10.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:17:54.500Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vmhh-xh3g-j992" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/bd935320bee3c27cf7548351b1d0f935f116d437" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19294" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 6.2.4, \u003c 12.10.11" }, { "status": "affected", "version": "\u003e= 13.0, \u003c 13.4.7" }, { "status": "affected", "version": "\u003e= 13.5, \u003c 13.10.3" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. Starting with versions 6.2.4 and 6.3-rc-1, a possible cross-site scripting vector is present in the `FlamingoThemesCode.WebHomeSheet` wiki page related to the \"newThemeName\" form field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available workaround is to edit the wiki page `FlamingoThemesCode.WebHomeSheet` (with wiki editor) according to the suggestion provided in the GitHub Security Advisory." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-116", "description": "CWE-116: Improper Encoding or Escaping of Output", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-25T20:55:22", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vmhh-xh3g-j992" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/bd935320bee3c27cf7548351b1d0f935f116d437" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19294" } ], "source": { "advisory": "GHSA-vmhh-xh3g-j992", "discovery": "UNKNOWN" }, "title": "Cross-site Scripting in the Flamingo theme manager", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-29251", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting in the Flamingo theme manager" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e= 6.2.4, \u003c 12.10.11" }, { "version_value": "\u003e= 13.0, \u003c 13.4.7" }, { "version_value": "\u003e= 13.5, \u003c 13.10.3" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { 
"description_data": [ { "lang": "eng", "value": "XWiki Platform Flamingo Theme UI is a tool that allows customization and preview of any Flamingo-based skin. Starting with versions 6.2.4 and 6.3-rc-1, a possible cross-site scripting vector is present in the `FlamingoThemesCode.WebHomeSheet` wiki page related to the \"newThemeName\" form field. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest available workaround is to edit the wiki page `FlamingoThemesCode.WebHomeSheet` (with wiki editor) according to the suggestion provided in the GitHub Security Advisory." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" } ] }, { "description": [ { "lang": "eng", "value": "CWE-116: Improper Encoding or Escaping of Output" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vmhh-xh3g-j992", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vmhh-xh3g-j992" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/bd935320bee3c27cf7548351b1d0f935f116d437", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/bd935320bee3c27cf7548351b1d0f935f116d437" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19294", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-19294" } ] }, "source": { "advisory": "GHSA-vmhh-xh3g-j992", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": 
"a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-29251", "datePublished": "2022-05-25T20:55:22", "dateReserved": "2022-04-13T00:00:00", "dateUpdated": "2024-08-03T06:17:54.500Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26475
Vulnerability from cvelistv5
Published: 2023-03-02 18:07
Modified: 2024-08-02 11:53
Summary
XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the document. This has been patched in XWiki 13.10.11, 14.4.7 and 14.10. There is no easy workaround except to upgrade.
References
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h6f5-8jj5-cxhr | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/d87d7bfd8db18c20d3264f98c6deefeae93b99f7 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-20360 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-20384 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | >= 2.3-milestone-1, < 13.10.11; >= 14.0-rc-1, < 14.4.7; >= 14.5, < 14.10 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:53:54.511Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h6f5-8jj5-cxhr", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h6f5-8jj5-cxhr" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/d87d7bfd8db18c20d3264f98c6deefeae93b99f7", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/d87d7bfd8db18c20d3264f98c6deefeae93b99f7" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20360", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20360" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20384", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20384" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 2.3-milestone-1, \u003c 13.10.11" }, { "status": "affected", "version": "\u003e= 14.0-rc-1, \u003c 14.4.7" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.10" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 2.3-milestone-1, the annotation displayer does not execute the content in a restricted context. This allows executing anything with the right of the author of any document by annotating the document. This has been patched in XWiki 13.10.11, 14.4.7 and 14.10. There is no easy workaround except to upgrade." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-270", "description": "CWE-270: Privilege Context Switching Error", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-269", "description": "CWE-269: Improper Privilege Management", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-02T18:07:04.129Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h6f5-8jj5-cxhr", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h6f5-8jj5-cxhr" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/d87d7bfd8db18c20d3264f98c6deefeae93b99f7", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/d87d7bfd8db18c20d3264f98c6deefeae93b99f7" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20360", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20360" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20384", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20384" } ], "source": { "advisory": "GHSA-h6f5-8jj5-cxhr", "discovery": "UNKNOWN" }, "title": "XWiki Platform vulnerable to Remote Code Execution in Annotations" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-26475", "datePublished": "2023-03-02T18:07:04.129Z", "dateReserved": "2023-02-23T23:22:58.573Z", "dateUpdated": "2024-08-02T11:53:54.511Z", 
"state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29204
Vulnerability from cvelistv5
Published: 2023-04-15 15:24
Modified: 2024-08-02 14:00
Summary
XWiki Commons are technical libraries common to several other top-level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirects by using a redirect such as `//mydomain.com` (i.e. omitting the `http:`). It was also possible to bypass them when using a URL such as `http:/mydomain.com`. The problem has been patched in XWiki 13.10.10, 14.4.4 and 14.8RC1.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | >= 6.0-rc-1, < 13.10.10; >= 14.0-rc-1, < 14.4.4; >= 14.5, < 14.8-rc-1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:00:15.990Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xwph-x6xj-wggv", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xwph-x6xj-wggv" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/e4f7f68e93cb08c25632c126356d218abf192d1e#diff-c445f288d5d63424f56ef13f65514ab4e174a72e979b53b88197c2b7def267cf", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/e4f7f68e93cb08c25632c126356d218abf192d1e#diff-c445f288d5d63424f56ef13f65514ab4e174a72e979b53b88197c2b7def267cf" }, { "name": "https://jira.xwiki.org/browse/XWIKI-10309", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-10309" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19994", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19994" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 6.0-rc-1, \u003c 13.10.10" }, { "status": "affected", "version": "\u003e= 14.0-rc-1, \u003c 14.4.4" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.8-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as `//mydomain.com` (i.e. omitting the `http:`). It was also possible to bypass it when using URL such as `http:/mydomain.com`. 
The problem has been patched on XWiki 13.10.10, 14.4.4 and 14.8RC1.\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.7, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-601", "description": "CWE-601: URL Redirection to Untrusted Site (\u0027Open Redirect\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-15T15:24:22.093Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xwph-x6xj-wggv", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xwph-x6xj-wggv" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/e4f7f68e93cb08c25632c126356d218abf192d1e#diff-c445f288d5d63424f56ef13f65514ab4e174a72e979b53b88197c2b7def267cf", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/e4f7f68e93cb08c25632c126356d218abf192d1e#diff-c445f288d5d63424f56ef13f65514ab4e174a72e979b53b88197c2b7def267cf" }, { "name": "https://jira.xwiki.org/browse/XWIKI-10309", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-10309" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19994", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19994" } ], "source": { "advisory": "GHSA-xwph-x6xj-wggv", "discovery": "UNKNOWN" }, "title": "URL Redirection to Untrusted Site (\u0027Open Redirect\u0027) in org.xwiki.platform:xwiki-platform-oldcore" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": 
"CVE-2023-29204", "datePublished": "2023-04-15T15:24:22.093Z", "dateReserved": "2023-04-03T13:37:18.454Z", "dateUpdated": "2024-08-02T14:00:15.990Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-40573
Vulnerability from cvelistv5
Published: 2023-08-24 01:31
Modified: 2024-10-03 16:21
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job script to a document doesn't modify the content author. Together with a CSRF vulnerability in the job scheduler, this can be exploited for remote code execution by an attacker with edit right on the wiki. If the attack is successful, an error log entry with "Job content executed" will be produced. This vulnerability has been patched in XWiki 14.10.9 and 15.4RC1.
References
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8xhr-x3v8-rghj | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/fcdcfed3fe2e8a3cad66ae0610795a2d58ab9662 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-20852 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | < 14.10.9; >= 1.3; >= 15.0-rc-1, < 15.4-rc-1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T18:38:50.912Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8xhr-x3v8-rghj", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8xhr-x3v8-rghj" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/fcdcfed3fe2e8a3cad66ae0610795a2d58ab9662", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/fcdcfed3fe2e8a3cad66ae0610795a2d58ab9662" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20852", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20852" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:xwiki:xwiki-platform:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "lessThan": "14.10.9", "status": "affected", "version": "1.3", "versionType": "custom" }, { "lessThan": "15.4-rc-1", "status": "affected", "version": "15.0-rc-1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-40573", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-03T16:19:41.951161Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-03T16:21:16.684Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 14.10.9" }, { "status": "affected", "version": "\u003e= 1.3" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.4-rc-1" } ] } ], "descriptions": [ { "lang": "en", 
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki supports scheduled jobs that contain Groovy scripts. Currently, the job checks the content author of the job for programming right. However, modifying or adding a job script to a document doesn\u0027t modify the content author. Together with a CSRF vulnerability in the job scheduler, this can be exploited for remote code execution by an attacker with edit right on the wiki. If the attack is successful, an error log entry with \"Job content executed\" will be produced. This vulnerability has been patched in XWiki 14.10.9 and 15.4RC1." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-08-24T01:31:14.128Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8xhr-x3v8-rghj", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8xhr-x3v8-rghj" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/fcdcfed3fe2e8a3cad66ae0610795a2d58ab9662", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/fcdcfed3fe2e8a3cad66ae0610795a2d58ab9662" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20852", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20852" } ], "source": { "advisory": 
"GHSA-8xhr-x3v8-rghj", "discovery": "UNKNOWN" }, "title": "XWiki Platform\u0027s Groovy jobs check the wrong author, allowing remote code execution" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-40573", "datePublished": "2023-08-24T01:31:14.128Z", "dateReserved": "2023-08-16T18:24:02.390Z", "dateUpdated": "2024-10-03T16:21:16.684Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36095
Vulnerability from cvelistv5
Published: 2022-09-08 20:20
Modified: 2024-08-03 09:52
Summary
XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the `documentTags.vm` template in one's filesystem, to apply the changes exposed there.
References
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fxwr-4vq9-9vhj | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/7ca56e40cf79a468cea54d3480b6b403f259f9ae | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-19550 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | >= 2.0-milestone-1, < 13.10.5; >= 14.0, < 14.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:52:00.553Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fxwr-4vq9-9vhj" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/7ca56e40cf79a468cea54d3480b6b403f259f9ae" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19550" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 2.0-milestone-1, \u003c 13.10.5" }, { "status": "affected", "version": "\u003e= 14.0, \u003c 14.3" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the `documentTags.vm` template in one\u0027s filesystem, to apply the changes exposed there." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-08T20:20:13", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fxwr-4vq9-9vhj" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/7ca56e40cf79a468cea54d3480b6b403f259f9ae" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19550" } ], "source": { "advisory": "GHSA-fxwr-4vq9-9vhj", "discovery": "UNKNOWN" }, "title": "XWiki Cross-Site Request Forgery (CSRF) for actions on tags", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-36095", "STATE": "PUBLIC", "TITLE": "XWiki Cross-Site Request Forgery (CSRF) for actions on tags" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e= 2.0-milestone-1, \u003c 13.10.5" }, { "version_value": "\u003e= 14.0, \u003c 14.3" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform is a generic wiki platform. 
Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the `documentTags.vm` template in one\u0027s filesystem, to apply the changes exposed there." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-352: Cross-Site Request Forgery (CSRF)" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fxwr-4vq9-9vhj", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fxwr-4vq9-9vhj" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/7ca56e40cf79a468cea54d3480b6b403f259f9ae", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/7ca56e40cf79a468cea54d3480b6b403f259f9ae" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19550", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-19550" } ] }, "source": { "advisory": "GHSA-fxwr-4vq9-9vhj", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-36095", "datePublished": "2022-09-08T20:20:13", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2024-08-03T09:52:00.553Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23617
Vulnerability from cvelistv5
Published
2022-02-09 21:00
Modified
2024-08-03 03:51
Severity
6.5 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N)
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions, any user with edit right can copy the content of a page they do not have access to by using it as the template of a new page. This issue has been patched in XWiki 13.2CR1 and 12.10.6. Users are advised to update. There are no known workarounds for this issue.
References
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gf7x-2j2x-7f73 | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/30c52b01559b8ef5ed1035dac7c34aaf805764d5 | x_refsource_MISC |
| https://github.com/xwiki/xwiki-platform/commit/b35ef0edd4f2ff2c974cbeef6b80fcf9b5a44554 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-18430 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | >= 13.0.0, < 13.2-rc-1; < 12.10.6 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:51:44.190Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gf7x-2j2x-7f73" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/30c52b01559b8ef5ed1035dac7c34aaf805764d5" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/b35ef0edd4f2ff2c974cbeef6b80fcf9b5a44554" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-18430" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 13.0.0, \u003c 13.2-rc-1" }, { "status": "affected", "version": "\u003c 12.10.6" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit right can copy the content of a page it does not have access to by using it as template of a new page. This issue has been patched in XWiki 13.2CR1 and 12.10.6. Users are advised to update. There are no known workarounds for this issue." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-09T21:00:14", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gf7x-2j2x-7f73" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/30c52b01559b8ef5ed1035dac7c34aaf805764d5" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/b35ef0edd4f2ff2c974cbeef6b80fcf9b5a44554" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-18430" } ], "source": { "advisory": "GHSA-gf7x-2j2x-7f73", "discovery": "UNKNOWN" }, "title": "Missing authorization in xwiki-platform", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-23617", "STATE": "PUBLIC", "TITLE": "Missing authorization in xwiki-platform" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e= 13.0.0, \u003c 13.2-rc-1" }, { "version_value": "\u003c 12.10.6" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. 
In affected versions any user with edit right can copy the content of a page it does not have access to by using it as template of a new page. This issue has been patched in XWiki 13.2CR1 and 12.10.6. Users are advised to update. There are no known workarounds for this issue." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-862: Missing Authorization" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gf7x-2j2x-7f73", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gf7x-2j2x-7f73" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/30c52b01559b8ef5ed1035dac7c34aaf805764d5", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/30c52b01559b8ef5ed1035dac7c34aaf805764d5" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/b35ef0edd4f2ff2c974cbeef6b80fcf9b5a44554", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/b35ef0edd4f2ff2c974cbeef6b80fcf9b5a44554" }, { "name": "https://jira.xwiki.org/browse/XWIKI-18430", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-18430" } ] }, "source": { "advisory": "GHSA-gf7x-2j2x-7f73", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-23617", "datePublished": "2022-02-09T21:00:14", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:51:44.190Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", 
"dataVersion": "5.1" }
cve-2023-46242
Vulnerability from cvelistv5
Published
2023-11-07 19:08
Modified
2024-09-12 19:13
Severity
9.7 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H)
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions, it is possible to execute content with the rights of any user via a crafted URL. A user must have `programming` privileges in order to exploit this vulnerability. This issue has been patched in XWiki 14.10.7 and 15.2RC1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hgpw-6p4h-j6h5 | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/cf8eb861998ea423c3645d2e5e974420b0e882be | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-20386 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | >= 1.0, < 14.10.7 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:37:40.144Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hgpw-6p4h-j6h5", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hgpw-6p4h-j6h5" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/cf8eb861998ea423c3645d2e5e974420b0e882be", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/cf8eb861998ea423c3645d2e5e974420b0e882be" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20386", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20386" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-46242", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-04T16:19:57.753688Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-12T19:13:07.411Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 1.0, \u003c 14.10.7" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it\u0027s possible to execute a content with the right of any user via a crafted URL. A user must have `programming` privileges in order to exploit this vulnerability. This issue has been patched in XWiki 14.10.7 and 15.2RC1. Users are advised to upgrade. There are no known workarounds for for this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.7, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-07T19:08:09.068Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hgpw-6p4h-j6h5", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hgpw-6p4h-j6h5" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/cf8eb861998ea423c3645d2e5e974420b0e882be", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/cf8eb861998ea423c3645d2e5e974420b0e882be" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20386", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20386" } ], "source": { "advisory": "GHSA-hgpw-6p4h-j6h5", "discovery": "UNKNOWN" }, "title": "Code injection in XWiki Platform" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-46242", "datePublished": "2023-11-07T19:08:09.068Z", "dateReserved": "2023-10-19T20:34:00.947Z", "dateUpdated": "2024-09-12T19:13:07.411Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-23615
Vulnerability from cvelistv5
Published
2022-02-09 20:35
Modified
2024-08-03 03:43
Severity
5.4 MEDIUM (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N)
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions, any user with SCRIPT right can save a document with the rights of the current user, which allows access to APIs requiring programming right if the current user has programming right. This has been patched in XWiki 13.0. Users are advised to update to resolve this issue. The only known workaround is to limit SCRIPT access.
References
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f4cj-3q3h-884r | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/7ab0fe7b96809c7a3881454147598d46a1c9bbbe | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-5024 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | >= 1.0, < 13.0 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T03:43:46.758Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f4cj-3q3h-884r" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/7ab0fe7b96809c7a3881454147598d46a1c9bbbe" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-5024" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 1.0, \u003c 13.0" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can save a document with the right of the current user which allow accessing API requiring programming right if the current user has programming right. This has been patched in XWiki 13.0. Users are advised to update to resolve this issue. The only known workaround is to limit SCRIPT access." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-02-09T20:35:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f4cj-3q3h-884r" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/7ab0fe7b96809c7a3881454147598d46a1c9bbbe" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-5024" } ], "source": { "advisory": "GHSA-f4cj-3q3h-884r", "discovery": "UNKNOWN" }, "title": "Partial authorization bypass on document save in xwiki-platform", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-23615", "STATE": "PUBLIC", "TITLE": "Partial authorization bypass on document save in xwiki-platform" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e= 1.0, \u003c 13.0" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. 
In affected versions any user with SCRIPT right can save a document with the right of the current user which allow accessing API requiring programming right if the current user has programming right. This has been patched in XWiki 13.0. Users are advised to update to resolve this issue. The only known workaround is to limit SCRIPT access." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-863: Incorrect Authorization" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f4cj-3q3h-884r", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f4cj-3q3h-884r" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/7ab0fe7b96809c7a3881454147598d46a1c9bbbe", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/7ab0fe7b96809c7a3881454147598d46a1c9bbbe" }, { "name": "https://jira.xwiki.org/browse/XWIKI-5024", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-5024" } ] }, "source": { "advisory": "GHSA-f4cj-3q3h-884r", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-23615", "datePublished": "2022-02-09T20:35:11", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2024-08-03T03:43:46.758Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-27480
Vulnerability from cvelistv5
Published
2023-03-07 18:13
Modified
2024-08-02 12:09
Severity
7.7 HIGH (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N)
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit rights on a document can trigger an XAR import on a forged XAR file, leading to the ability to display the content of any file on the XWiki server host. This vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10-rc-1. Users are advised to upgrade. Users unable to upgrade may apply the patch `e3527b98fd` manually.
References
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx4f-976g-7g6v | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/e3527b98fdd8dc8179c24dc55e662b2c55199434 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-20320 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | >= 1.1-milestone-3, < 13.10.11; >= 14.0.0, < 14.4.7; >= 14.5.0, < 14.10.0-rc-1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T12:09:43.503Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx4f-976g-7g6v", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx4f-976g-7g6v" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/e3527b98fdd8dc8179c24dc55e662b2c55199434", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/e3527b98fdd8dc8179c24dc55e662b2c55199434" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20320", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20320" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 1.1-milestone-3, \u003c 13.10.11" }, { "status": "affected", "version": "\u003e= 14.0.0, \u003c 14.4.7" }, { "status": "affected", "version": "\u003e= 14.5.0, \u003c 14.10.0-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit rights on a document can trigger an XAR import on a forged XAR file, leading to the ability to display the content of any file on the XWiki server host. This vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10-rc-1. Users are advised to upgrade. Users unable to upgrade may apply the patch `e3527b98fd` manually." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-611", "description": "CWE-611: Improper Restriction of XML External Entity Reference", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-07T18:13:39.799Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx4f-976g-7g6v", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx4f-976g-7g6v" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/e3527b98fdd8dc8179c24dc55e662b2c55199434", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/e3527b98fdd8dc8179c24dc55e662b2c55199434" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20320", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20320" } ], "source": { "advisory": "GHSA-gx4f-976g-7g6v", "discovery": "UNKNOWN" }, "title": "Data leak through a XAR import XXE attack in xwiki-platform-xar-model" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-27480", "datePublished": "2023-03-07T18:13:39.799Z", "dateReserved": "2023-03-01T19:03:56.633Z", "dateUpdated": "2024-08-02T12:09:43.503Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-36477
Vulnerability from cvelistv5
Published
2023-06-30 18:57
Modified
2024-12-04 17:05
Severity
9.1 CRITICAL (CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the `CKEditor` space. This makes it possible to perform a variety of harmful actions, such as removing technical documents, leading to loss of service, and editing the JavaScript configuration of CKEditor, leading to persistent XSS. This issue has been patched in XWiki 14.10.6 and XWiki 15.1. For XWiki versions older than 14.6RC1, it has been patched in the CKEditor Integration extension 1.64.9. Users are advised to upgrade. Users unable to upgrade may manually address the issue by restricting the `edit` and `delete` rights to a trusted user or group (e.g. the `XWiki.XWikiAdminGroup` group), implicitly disabling those rights for all other users. See commit `9d9d86179` for details.
References
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-793w-g325-hrw2 | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/9d9d86179457cb8dc48b4491510537878800be4f | x_refsource_MISC |
| https://jira.xwiki.org/browse/CKEDITOR-508 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-20590 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | org.xwiki.contrib:application-ckeditor-ui: >= 1.9, < 1.64.9; org.xwiki.platform:xwiki-platform-ckeditor-ui: >= 14.6-rc-1, < 14.10.6; org.xwiki.platform:xwiki-platform-ckeditor-ui: >= 15.0, < 15.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:45:57.108Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-793w-g325-hrw2", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-793w-g325-hrw2" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/9d9d86179457cb8dc48b4491510537878800be4f", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/9d9d86179457cb8dc48b4491510537878800be4f" }, { "name": "https://jira.xwiki.org/browse/CKEDITOR-508", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/CKEDITOR-508" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20590", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20590" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-36477", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-04T17:04:05.889088Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-04T17:05:21.052Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "org.xwiki.contrib:application-ckeditor-ui: \u003e= 1.9, \u003c 1.64.9" }, { "status": "affected", "version": "org.xwiki.platform:xwiki-platform-ckeditor-ui: \u003e= 14.6-rc-1, \u003c 14.10.6" }, { "status": "affected", "version": "org.xwiki.platform:xwiki-platform-ckeditor-ui: \u003e= 15.0, \u003c 15.1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki 
platform offering runtime services for applications built on top of it. Any user with edit rights can edit all pages in the `CKEditor\u0027 space. This makes it possible to perform a variety of harmful actions, such as removing technical documents, leading to loss of service and editing the javascript configuration of CKEditor, leading to persistent XSS. This issue has been patched in XWiki 14.10.6 and XWiki 15.1. This issue has been patched on the CKEditor Integration extension 1.64.9 for XWiki version older than 14.6RC1. Users are advised to upgrade. Users unable to upgrade may manually address the issue by restricting the `edit` and `delete` rights to a trusted user or group (e.g. the `XWiki.XWikiAdminGroup` group), implicitly disabling those rights for all other users. See commit `9d9d86179` for details.\n\n\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-30T18:57:38.354Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-793w-g325-hrw2", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-793w-g325-hrw2" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/9d9d86179457cb8dc48b4491510537878800be4f", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/xwiki/xwiki-platform/commit/9d9d86179457cb8dc48b4491510537878800be4f" }, { "name": "https://jira.xwiki.org/browse/CKEDITOR-508", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/CKEDITOR-508" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20590", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20590" } ], "source": { "advisory": "GHSA-793w-g325-hrw2", "discovery": "UNKNOWN" }, "title": "Persistent Cross-site Scripting (XSS) through CKEditor Configuration pages in XWiki Platform" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-36477", "datePublished": "2023-06-30T18:57:38.354Z", "dateReserved": "2023-06-21T18:50:41.704Z", "dateUpdated": "2024-12-04T17:05:21.052Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29521
Vulnerability from cvelistv5
Published
2023-04-18 23:36
Modified
2024-08-02 14:07
Severity
8.4 HIGH (CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L)
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki, leading to full access to the XWiki installation. The root cause is improper escaping of `Macro.VFSTreeMacro`. This page is not installed by default. This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.2, 14.4.8 and 13.10.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| URL | Tags |
|---|---|
| https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p67q-h88v-5jgr | x_refsource_CONFIRM |
| https://github.com/xwiki/xwiki-platform/commit/fad02328f5ec7ab7fe5b932ffb5bc5c1ba7a5b12 | x_refsource_MISC |
| https://jira.xwiki.org/browse/XWIKI-20260 | x_refsource_MISC |
Impacted products
| Vendor | Product | Version |
|---|---|---|
| xwiki | xwiki-platform | < 13.10.11; >= 14.0.0, < 14.4.8; >= 14.5.0, < 14.10.2 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:07:46.225Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p67q-h88v-5jgr", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p67q-h88v-5jgr" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/fad02328f5ec7ab7fe5b932ffb5bc5c1ba7a5b12", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/fad02328f5ec7ab7fe5b932ffb5bc5c1ba7a5b12" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20260", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20260" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 13.10.11" }, { "status": "affected", "version": "\u003e= 14.0.0, \u003c 14.4.8" }, { "status": "affected", "version": "\u003e= 14.5.0, \u003c 14.10.2" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of `Macro.VFSTreeMacro`. This page is not installed by default.This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.2, 14.4.8, 13.10.11. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T23:36:16.529Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p67q-h88v-5jgr", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p67q-h88v-5jgr" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/fad02328f5ec7ab7fe5b932ffb5bc5c1ba7a5b12", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/fad02328f5ec7ab7fe5b932ffb5bc5c1ba7a5b12" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20260", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20260" } ], "source": { "advisory": "GHSA-p67q-h88v-5jgr", "discovery": "UNKNOWN" }, "title": "Code injection from account/view through VFS Tree macro in xwiki-platform" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29521", "datePublished": "2023-04-18T23:36:16.529Z", "dateReserved": "2023-04-07T18:56:54.629Z", "dateUpdated": "2024-08-02T14:07:46.225Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-37462
Vulnerability from cvelistv5
Published: 2023-07-14 20:39
Modified: 2024-10-30 18:31
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Improper escaping in the document `SkinsCode.XWikiSkinsSheet` leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous payload. It is possible to check if an existing installation is vulnerable. See the linked GHSA for instructions on testing an installation. This issue has been patched in XWiki 14.4.8, 14.10.4 and 15.0-rc-1. Users are advised to upgrade. The fix commit `d9c88ddc` can also be applied manually to the impacted document `SkinsCode.XWikiSkinsSheet` and users unable to upgrade are advised to manually patch their installations.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h4vp-69r8-gvjg | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/d9c88ddc4c0c78fa534bd33237e95dea66003d29 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20457 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 7.0-rc-1, < 14.4.8; >= 14.5, < 14.10.4
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:16:30.141Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h4vp-69r8-gvjg", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h4vp-69r8-gvjg" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/d9c88ddc4c0c78fa534bd33237e95dea66003d29", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/d9c88ddc4c0c78fa534bd33237e95dea66003d29" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20457", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20457" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-37462", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-10-30T18:31:20.145080Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-10-30T18:31:34.487Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 7.0-rc-1, \u003c 14.4.8" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.10.4" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. 
Improper escaping in the document `SkinsCode.XWikiSkinsSheet` leads to an injection vector from view right on that document to programming rights, or in other words, it is possible to execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous payload. It is possible to check if an existing installation is vulnerable. See the linked GHSA for instructions on testing an installation. This issue has been patched in XWiki 14.4.8, 14.10.4 and 15.0-rc-1. Users are advised to upgrade. The fix commit `d9c88ddc` can also be applied manually to the impacted document `SkinsCode.XWikiSkinsSheet` and users unable to upgrade are advised to manually patch their installations." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-14T20:39:05.941Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h4vp-69r8-gvjg", "tags": [ "x_refsource_CONFIRM" ], "url": 
"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h4vp-69r8-gvjg" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/d9c88ddc4c0c78fa534bd33237e95dea66003d29", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/d9c88ddc4c0c78fa534bd33237e95dea66003d29" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20457", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20457" } ], "source": { "advisory": "GHSA-h4vp-69r8-gvjg", "discovery": "UNKNOWN" }, "title": "Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027) in org.xwiki.platform:xwiki-platform-skin-ui" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-37462", "datePublished": "2023-07-14T20:39:05.941Z", "dateReserved": "2023-07-06T13:01:36.997Z", "dateUpdated": "2024-10-30T18:31:34.487Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-24821
Vulnerability from cvelistv5
Published: 2022-04-08 18:55
Modified: 2024-08-03 04:20
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki, but a bug allows anyone with edit rights to create them. This issue has been patched in XWiki 13.10-rc-1, 12.10.11 and 13.4.6. There's no easy workaround for this issue; administrators should upgrade their wiki.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-ghcq-472w-vf4h | x_refsource_CONFIRM
https://jira.xwiki.org/browse/XWIKI-19155 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | > 3.1M1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T04:20:50.511Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-ghcq-472w-vf4h" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19155" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e 3.1M1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But a bug allow anyone with edit rights to actually create those. This issue has been patched in XWiki 13.10-rc-1, 12.10.11 and 13.4.6. There\u0027s no easy workaround for this issue, administrators should upgrade their wiki." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-648", "description": "CWE-648: Incorrect Use of Privileged APIs", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-04-08T18:55:09", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-ghcq-472w-vf4h" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19155" } ], "source": { "advisory": "GHSA-ghcq-472w-vf4h", "discovery": "UNKNOWN" }, "title": "Incorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-24821", "STATE": "PUBLIC", "TITLE": "Incorrect Use of Privileged APIs in org.xwiki.platform.skin.skinx" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e 3.1M1" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Simple users can create global SSX/JSX without specific rights: in theory only users with Programming Rights should be allowed to create SSX or JSX that are executed everywhere on a wiki. But a bug allow anyone with edit rights to actually create those. 
This issue has been patched in XWiki 13.10-rc-1, 12.10.11 and 13.4.6. There\u0027s no easy workaround for this issue, administrators should upgrade their wiki." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-648: Incorrect Use of Privileged APIs" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-ghcq-472w-vf4h", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-ghcq-472w-vf4h" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19155", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-19155" } ] }, "source": { "advisory": "GHSA-ghcq-472w-vf4h", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-24821", "datePublished": "2022-04-08T18:55:10", "dateReserved": "2022-02-10T00:00:00", "dateUpdated": "2024-08-03T04:20:50.511Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29522
Vulnerability from cvelistv5
Published: 2023-04-18 23:38
Modified: 2024-08-02 14:07
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous payload. This issue has been patched in XWiki 14.4.8, 14.10.3 and 15.0RC1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mjw9-3f9f-jq2w | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/d7e56185376641ee5d66477c6b2791ca8e85cfee | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20456 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | < 14.4.8; >= 14.5.0, < 14.10.3
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:07:46.251Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mjw9-3f9f-jq2w", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mjw9-3f9f-jq2w" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/d7e56185376641ee5d66477c6b2791ca8e85cfee", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/d7e56185376641ee5d66477c6b2791ca8e85cfee" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20456", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20456" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 14.4.8" }, { "status": "affected", "version": "\u003e= 14.5.0, \u003c 14.10.3" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights can execute arbitrary script macros including Groovy and Python macros that allow remote code execution including unrestricted read and write access to all wiki contents. The attack works by opening a non-existing page with a name crafted to contain a dangerous payload. This issue has been patched in XWiki 14.4.8, 14.10.3 and 15.0RC1. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T23:38:22.571Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mjw9-3f9f-jq2w", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mjw9-3f9f-jq2w" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/d7e56185376641ee5d66477c6b2791ca8e85cfee", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/d7e56185376641ee5d66477c6b2791ca8e85cfee" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20456", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20456" } ], "source": { "advisory": "GHSA-mjw9-3f9f-jq2w", "discovery": "UNKNOWN" }, "title": "Code injection from view right on XWiki.ClassSheet in xwiki-platform" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29522", "datePublished": "2023-04-18T23:38:22.571Z", "dateReserved": "2023-04-07T18:56:54.629Z", "dateUpdated": "2024-08-02T14:07:46.251Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-37277
Vulnerability from cvelistv5
Published: 2023-07-10 16:11
Modified: 2024-11-08 17:46
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The REST API allows executing all actions via POST requests and accepts `text/plain`, `multipart/form-data` or `application/www-form-urlencoded` as content types which can be sent via regular HTML forms, thus allowing cross-site request forgery. With the interaction of a user with programming rights, this allows remote code execution through script macros and thus impacts the integrity, availability and confidentiality of the whole XWiki installation. For regular cookie-based authentication, the vulnerability is mitigated by SameSite cookie restrictions but as of March 2023, these are not enabled by default in Firefox and Safari. The vulnerability has been patched in XWiki 14.10.8 and 15.2 by requiring a CSRF token header for certain request types that are susceptible to CSRF attacks.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6xxr-648m-gch6 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/4c175405faa0e62437df397811c7526dfc0fbae7 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20135 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 1.8, < 14.10.8; >= 15.0-rc-1, < 15.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T17:09:34.049Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6xxr-648m-gch6", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6xxr-648m-gch6" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/4c175405faa0e62437df397811c7526dfc0fbae7", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/4c175405faa0e62437df397811c7526dfc0fbae7" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20135", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20135" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-37277", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-08T17:46:29.530101Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-08T17:46:35.975Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 1.8, \u003c 14.10.8" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.2" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The REST API allows executing all actions via POST requests and accepts `text/plain`, `multipart/form-data` or `application/www-form-urlencoded` as content types which can be sent via regular HTML forms, thus allowing cross-site request forgery. 
With the interaction of a user with programming rights, this allows remote code execution through script macros and thus impacts the integrity, availability and confidentiality of the whole XWiki installation. For regular cookie-based authentication, the vulnerability is mitigated by SameSite cookie restrictions but as of March 2023, these are not enabled by default in Firefox and Safari. The vulnerability has been patched in XWiki 14.10.8 and 15.2 by requiring a CSRF token header for certain request types that are susceptible to CSRF attacks.\n\n" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.7, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-07-10T16:11:14.120Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6xxr-648m-gch6", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6xxr-648m-gch6" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/4c175405faa0e62437df397811c7526dfc0fbae7", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/4c175405faa0e62437df397811c7526dfc0fbae7" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20135", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20135" } ], "source": { "advisory": "GHSA-6xxr-648m-gch6", "discovery": "UNKNOWN" }, "title": "XWiki Platform vulnerable to cross-site request forgery 
(CSRF) via the REST API" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-37277", "datePublished": "2023-07-10T16:11:14.120Z", "dateReserved": "2023-06-29T19:35:26.440Z", "dateUpdated": "2024-11-08T17:46:35.975Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-50732
Vulnerability from cvelistv5
Published: 2023-12-21 19:42
Modified: 2024-08-02 22:16
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute a Velocity script without script right through the document tree. This has been patched in XWiki 14.10.7 and 15.2RC1.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p5f8-qf24-24cj | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/41d7dca2d30084966ca6a7ee537f39ee8354a7e3 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20625 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 8.3-rc-1, < 14.10.7; >= 15.0-rc-1, < 15.2-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:16:47.254Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p5f8-qf24-24cj", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p5f8-qf24-24cj" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/41d7dca2d30084966ca6a7ee537f39ee8354a7e3", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/41d7dca2d30084966ca6a7ee537f39ee8354a7e3" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20625", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20625" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 8.3-rc-1, \u003c 14.10.7" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.2-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It\u0027s possible to execute a Velocity script without script right through the document tree. This has been patched in XWiki 14.10.7 and 15.2RC1." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 8.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-21T19:42:01.215Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p5f8-qf24-24cj", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p5f8-qf24-24cj" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/41d7dca2d30084966ca6a7ee537f39ee8354a7e3", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/41d7dca2d30084966ca6a7ee537f39ee8354a7e3" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20625", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20625" } ], "source": { "advisory": "GHSA-p5f8-qf24-24cj", "discovery": "UNKNOWN" }, "title": "Velocity execution without script right through tree macro" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-50732", "datePublished": "2023-12-21T19:42:01.215Z", "dateReserved": "2023-12-11T17:53:36.032Z", "dateUpdated": "2024-08-02T22:16:47.254Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-46732
Vulnerability from cvelistv5
Published: 2023-11-06 18:45
Modified: 2024-09-05 13:31
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to reflected cross-site scripting (RXSS) via the `rev` parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to visit a link with a crafted parameter, this allows the attacker to execute arbitrary actions in the name of the user, including remote code (Groovy) execution in the case of a user with programming right, compromising the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.6 RC1, 15.5.1 and 14.10.14. The patch in commit `04e325d57` can be manually applied without upgrading (or restarting) the instance. Users are advised to upgrade or to manually apply the patch. There are no known workarounds for this vulnerability.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j9rc-w3wv-fv62 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/04e325d57d4bcb6ab79bddcafbb19032474c2a55 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21095 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 9.7-rc-1, < 14.10.14; >= 15.0-rc-1, < 15.5.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T20:53:20.797Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j9rc-w3wv-fv62", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j9rc-w3wv-fv62" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/04e325d57d4bcb6ab79bddcafbb19032474c2a55", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/04e325d57d4bcb6ab79bddcafbb19032474c2a55" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21095", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-21095" } ], "title": "CVE Program Container" }, { "affected": [ { "cpes": [ "cpe:2.3:a:xwiki:xwiki-platform:*:*:*:*:*:*:*:*" ], "defaultStatus": "unknown", "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "lessThan": "14.10.14", "status": "affected", "version": "9.7-rc-1", "versionType": "custom" }, { "lessThan": "15.5.1", "status": "affected", "version": "15.0-rc-1", "versionType": "custom" } ] } ], "metrics": [ { "other": { "content": { "id": "CVE-2023-46732", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-09-05T13:27:18.933911Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-09-05T13:31:18.349Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 9.7-rc-1, \u003c 14.10.14" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.5.1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a 
generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to reflected cross-site scripting (RXSS) via the `rev` parameter that is used in the content of the content menu without escaping. If an attacker can convince a user to visit a link with a crafted parameter, this allows the attacker to execute arbitrary actions in the name of the user, including remote code (Groovy) execution in the case of a user with programming right, compromising the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.6 RC1, 15.5.1 and 14.10.14. The patch in commit `04e325d57` can be manually applied without upgrading (or restarting) the instance. Users are advised to upgrade or to manually apply the patch. There are no known workarounds for this vulnerability." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.7, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-11-06T18:45:03.543Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j9rc-w3wv-fv62", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j9rc-w3wv-fv62" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/04e325d57d4bcb6ab79bddcafbb19032474c2a55", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/xwiki/xwiki-platform/commit/04e325d57d4bcb6ab79bddcafbb19032474c2a55" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21095", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-21095" } ], "source": { "advisory": "GHSA-j9rc-w3wv-fv62", "discovery": "UNKNOWN" }, "title": "Reflected Cross-site scripting through revision parameter in content menu in XWiki Platform" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-46732", "datePublished": "2023-11-06T18:45:03.543Z", "dateReserved": "2023-10-25T14:30:33.752Z", "dateUpdated": "2024-09-05T13:31:18.349Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-30537
Vulnerability from cvelistv5
Published
2023-04-16 07:06
Modified
2024-08-02 14:28
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with the right to add an object on a page can execute arbitrary Groovy, Python or Velocity code in XWiki, leading to full access to the XWiki installation. The root cause is improper escaping of the styles properties in `FlamingoThemesCode.WebHome`. This page is installed by default. The vulnerability has been patched in XWiki versions 13.10.11, 14.4.7 and 14.10.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vrr8-fp7c-7qgp | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/df596f15368342236f8899ca122af8f3df0fe2e8 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20280 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 12.6.6, < 13.10.11; >= 14.0-rc-1, < 14.4.7; >= 14.5, < 14.10
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:28:51.686Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vrr8-fp7c-7qgp", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vrr8-fp7c-7qgp" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/df596f15368342236f8899ca122af8f3df0fe2e8", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/df596f15368342236f8899ca122af8f3df0fe2e8" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20280", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20280" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 12.6.6, \u003c 13.10.11" }, { "status": "affected", "version": "\u003e= 14.0-rc-1, \u003c 14.4.7" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.10" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with the right to add an object on a page can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the styles properties `FlamingoThemesCode.WebHome`. This page is installed by default. The vulnerability has been patched in XWiki versions 13.10.11, 14.4.7 and 14.10." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-16T07:06:43.764Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vrr8-fp7c-7qgp", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vrr8-fp7c-7qgp" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/df596f15368342236f8899ca122af8f3df0fe2e8", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/df596f15368342236f8899ca122af8f3df0fe2e8" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20280", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20280" } ], "source": { "advisory": "GHSA-vrr8-fp7c-7qgp", "discovery": "UNKNOWN" }, "title": "org.xwiki.platform:xwiki-platform-flamingo-theme-ui vulnerable to privilege escalation" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-30537", "datePublished": "2023-04-16T07:06:43.764Z", "dateReserved": "2023-04-12T15:19:33.766Z", "dateUpdated": "2024-08-02T14:28:51.686Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35159
Vulnerability from cvelistv5
Published
2023-06-23 18:34
Modified
2024-11-27 20:08
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge a URL with a payload allowing them to inject JavaScript into the page (XSS). It is possible to exploit the deletespace template to perform an XSS, e.g. by using a URL such as `xwiki/bin/deletespace/Sandbox/?xredirect=javascript:alert(document.domain)`. This vulnerability exists since XWiki 3.4-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x234-mg7q-m8g8 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/5c20ff5e3bdea50f1053fe99a27e011b8d0e4b34 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20583 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20612 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 3.4-milestone-1, < 14.10.5; >= 15.0-rc-1, < 15.1-rc-1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:23:59.090Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x234-mg7q-m8g8", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x234-mg7q-m8g8" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/5c20ff5e3bdea50f1053fe99a27e011b8d0e4b34", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/5c20ff5e3bdea50f1053fe99a27e011b8d0e4b34" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20583", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20583" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20612", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20612" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35159", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-27T20:08:32.708079Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-27T20:08:52.221Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 3.4-milestone-1, \u003c 14.10.5" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.1-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Users are able to forge an URL with a payload allowing to inject Javascript in the page (XSS). 
It\u0027s possible to exploit the deletespace template to perform a XSS, e.g. by using URL such as: \u003e xwiki/bin/deletespace/Sandbox/?xredirect=javascript:alert(document.domain). This vulnerability exists since XWiki 3.4-milestone-1. The vulnerability has been patched in XWiki 14.10.5 and 15.1-rc-1." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.7, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-87", "description": "CWE-87: Improper Neutralization of Alternate XSS Syntax", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-23T18:34:17.641Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x234-mg7q-m8g8", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-x234-mg7q-m8g8" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/5c20ff5e3bdea50f1053fe99a27e011b8d0e4b34", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/5c20ff5e3bdea50f1053fe99a27e011b8d0e4b34" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20583", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20583" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20612", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20612" } ], "source": { "advisory": "GHSA-x234-mg7q-m8g8", "discovery": "UNKNOWN" }, "title": "XWiki Platform vulnerable to reflected cross-site scripting via xredirect parameter in deletespace template" } }, "cveMetadata": { "assignerOrgId": 
"a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-35159", "datePublished": "2023-06-23T18:34:17.641Z", "dateReserved": "2023-06-14T14:17:52.178Z", "dateUpdated": "2024-11-27T20:08:52.221Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-55662
Vulnerability from cvelistv5
Published
2024-12-12 17:25
Modified
2024-12-13 14:59
Summary
XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instances where `Extension Repository Application` is installed, any user can execute any code requiring `programming` rights on the server. This vulnerability has been fixed in XWiki 15.10.9 and 16.3.0. Since `Extension Repository Application` is not mandatory, it can be safely disabled on instances that do not use it as a workaround. It is also possible to manually apply the patches from commit 8659f17d500522bf33595e402391592a35a162e8 to the page `ExtensionCode.ExtensionSheet` and to the page `ExtensionCode.ExtensionAuthorsDisplayer`.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j2pq-22jj-4pm5 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/8659f17d500522bf33595e402391592a35a162e8 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-21890 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 3.3-milestone-1, < 15.10.9; >= 16.0.0-rc-1, < 16.3.0
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-55662", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-12-13T14:59:16.184056Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-12-13T14:59:39.724Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "references": [ { "tags": [ "exploit" ], "url": "https://jira.xwiki.org/browse/XWIKI-21890" } ], "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 3.3-milestone-1, \u003c 15.10.9" }, { "status": "affected", "version": "\u003e= 16.0.0-rc-1, \u003c 16.3.0" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instances where `Extension Repository Application` is installed, any user can execute any code requiring `programming` rights on the server. This vulnerability has been fixed in XWiki 15.10.9 and 16.3.0. Since `Extension Repository Application` is not mandatory, it can be safely disabled on instances that do not use it as a workaround. It is also possible to manually apply the patches from commit 8659f17d500522bf33595e402391592a35a162e8 to the page `ExtensionCode.ExtensionSheet` and to the page `ExtensionCode.ExtensionAuthorsDisplayer`." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-96", "description": "CWE-96: Improper Neutralization of Directives in Statically Saved Code (\u0027Static Code Injection\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-12-12T17:25:26.297Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j2pq-22jj-4pm5", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j2pq-22jj-4pm5" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/8659f17d500522bf33595e402391592a35a162e8", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/8659f17d500522bf33595e402391592a35a162e8" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21890", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-21890" } ], "source": { "advisory": "GHSA-j2pq-22jj-4pm5", "discovery": "UNKNOWN" }, "title": "XWiki allows remote code execution through the extension sheet" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-55662", "datePublished": "2024-12-12T17:25:26.297Z", "dateReserved": "2024-12-10T15:33:57.416Z", "dateUpdated": "2024-12-13T14:59:39.724Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-32071
Vulnerability from cvelistv5
Published
2023-05-09 15:42
Modified
2024-08-02 15:03
Summary
XWiki Platform is a generic wiki platform. Starting in version 2.2-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, it is possible to execute JavaScript with the rights of any user by leading them to a special URL on the wiki targeting a page which contains an attachment. This has been patched in XWiki 15.0-rc-1, 14.10.4, and 14.4.8. The easiest possible workaround is to edit the file `<xwiki app>/templates/importinline.vm` and apply the modification described in commit 28905f7f518cc6f21ea61fe37e9e1ed97ef36f01.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j9h5-vcgv-2jfm | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/28905f7f518cc6f21ea61fe37e9e1ed97ef36f01 | x_refsource_MISC
https://app.intigriti.com/company/submissions/e95a7ad5-7029-4627-abf0-3e3e3ea0b4ce/XWIKI-E93DFEYK | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20340 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 2.2-milestone-1, < 14.4.8; >= 14.5, < 14.10.4
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:03:28.748Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j9h5-vcgv-2jfm", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j9h5-vcgv-2jfm" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/28905f7f518cc6f21ea61fe37e9e1ed97ef36f01", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/28905f7f518cc6f21ea61fe37e9e1ed97ef36f01" }, { "name": "https://app.intigriti.com/company/submissions/e95a7ad5-7029-4627-abf0-3e3e3ea0b4ce/XWIKI-E93DFEYK", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://app.intigriti.com/company/submissions/e95a7ad5-7029-4627-abf0-3e3e3ea0b4ce/XWIKI-E93DFEYK" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20340", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20340" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 2.2-milestone-1, \u003c 14.4.8" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.10.4" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in versions 2.2-milestone-1 and prior to versions 14.4.8, 14.10.4, and 15.0-rc-1, it\u0027s possible to execute javascript with the right of any user by leading him to a special URL on the wiki targeting a page which contains an attachment. This has been patched in XWiki 15.0-rc-1, 14.10.4, and 14.4.8. The easiest possible workaround is to edit file `\u003cxwiki app\u003e/templates/importinline.vm` and apply the modification described in commit 28905f7f518cc6f21ea61fe37e9e1ed97ef36f01." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-116", "description": "CWE-116: Improper Encoding or Escaping of Output", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-09T15:42:16.143Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j9h5-vcgv-2jfm", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j9h5-vcgv-2jfm" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/28905f7f518cc6f21ea61fe37e9e1ed97ef36f01", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/28905f7f518cc6f21ea61fe37e9e1ed97ef36f01" }, { "name": "https://app.intigriti.com/company/submissions/e95a7ad5-7029-4627-abf0-3e3e3ea0b4ce/XWIKI-E93DFEYK", "tags": [ "x_refsource_MISC" ], "url": "https://app.intigriti.com/company/submissions/e95a7ad5-7029-4627-abf0-3e3e3ea0b4ce/XWIKI-E93DFEYK" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20340", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20340" } ], "source": { "advisory": "GHSA-j9h5-vcgv-2jfm", "discovery": "UNKNOWN" }, "title": "XWiki Platform vulnerable to RXSS via editor parameter - importinline template" } }, "cveMetadata": { "assignerOrgId": 
"a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-32071", "datePublished": "2023-05-09T15:42:16.143Z", "dateReserved": "2023-05-01T16:47:35.314Z", "dateUpdated": "2024-08-02T15:03:28.748Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29520
Vulnerability from cvelistv5
Published
2023-04-18 23:33
Modified
2024-08-02 14:07
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object. This will lead to a broken page. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no workarounds other than fixing any way to create a document that fails to load.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9jq5-xwqw-q8j3 | x_refsource_CONFIRM
https://jira.xwiki.org/browse/XWIKI-20460 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | < 13.10.11; >= 14.0.0, < 14.4.8; >= 14.5.0, < 14.10.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:07:46.410Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9jq5-xwqw-q8j3", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9jq5-xwqw-q8j3" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20460", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20460" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 13.10.11" }, { "status": "affected", "version": "\u003e= 14.0.0, \u003c 14.4.8" }, { "status": "affected", "version": "\u003e= 14.5.0, \u003c 14.10.1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It\u0027s possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object. This will lead to a broken page. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no workarounds other than fixing any way to create a document that fail to load." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-248", "description": "CWE-248: Uncaught Exception", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T23:33:41.232Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9jq5-xwqw-q8j3", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9jq5-xwqw-q8j3" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20460", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20460" } ], "source": { "advisory": "GHSA-9jq5-xwqw-q8j3", "discovery": "UNKNOWN" }, "title": "Page render failure due to broken translations in xwiki-platform" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29520", "datePublished": "2023-04-18T23:33:41.232Z", "dateReserved": "2023-04-07T18:56:54.628Z", "dateUpdated": "2024-08-02T14:07:46.410Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2024-37898
Vulnerability from cvelistv5
Published
2024-07-31 15:12
Modified
2024-07-31 17:36
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When a user has view but not edit right on a page in XWiki, that user can delete the page and replace it with a page with new content without having delete right. The previous version of the page is moved into the recycle bin and can be restored from there by an admin. As the user is recorded as the deleter, the user would in theory also be able to view the deleted content, but this is not directly possible, as the rights of the previous version are transferred to the new page and thus the user still does not have view right on the page. It therefore does not seem to be possible to exploit this to gain any rights. This has been patched in XWiki 14.10.21, 15.5.5 and 15.10.6 by cancelling save operations by users when a new document is to be saved despite the document already existing.
References
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 13.10.4, < 14.0-rc-1; >= 14.2, < 14.10.21; >= 15.0, < 15.5.5; >= 15.6-rc-1, < 15.10.6
{ "containers": { "adp": [ { "metrics": [ { "other": { "content": { "id": "CVE-2024-37898", "options": [ { "Exploitation": "none" }, { "Automatable": "no" }, { "Technical Impact": "partial" } ], "role": "CISA Coordinator", "timestamp": "2024-07-31T17:33:15.233676Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-07-31T17:36:54.705Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 13.10.4, \u003c 14.0-rc-1" }, { "status": "affected", "version": "\u003e= 14.2, \u003c 14.10.21" }, { "status": "affected", "version": "\u003e= 15.0, \u003c 15.5.5" }, { "status": "affected", "version": "\u003e= 15.6-rc-1, \u003c 15.10.6" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When a user has view but not edit right on a page in XWiki, that user can delete the page and replace it by a page with new content without having delete right. The previous version of the page is moved into the recycle bin and can be restored from there by an admin. As the user is recorded as deleter, the user would in theory also be able to view the deleted content, but this is not directly possible as rights of the previous version are transferred to the new page and thus the user still doesn\u0027t have view right on the page. It therefore doesn\u0027t seem to be possible to exploit this to gain any rights. This has been patched in XWiki 14.10.21, 15.5.5 and 15.10.6 by cancelling save operations by users when a new document shall be saved despite the document\u0027s existing already." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-862", "description": "CWE-862: Missing Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2024-07-31T15:12:22.468Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-33gp-gmg3-hfpq", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-33gp-gmg3-hfpq" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/0bc27d6ec63c8a505ff950e2d1792cb4f773c22e", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/0bc27d6ec63c8a505ff950e2d1792cb4f773c22e" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/56f5d8aab7371d5ba891168f73890806551322c5", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/56f5d8aab7371d5ba891168f73890806551322c5" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/c5efc1e519e710afdf3c5f40c0fcc300ad77149f", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/c5efc1e519e710afdf3c5f40c0fcc300ad77149f" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/e4968fe268e5644ffd9bfa4ef6257d2796446009", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/e4968fe268e5644ffd9bfa4ef6257d2796446009" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21553", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-21553" } ], "source": { 
"advisory": "GHSA-33gp-gmg3-hfpq", "discovery": "UNKNOWN" }, "title": "XWiki Platform vulnerable to document deletion and overwrite from edit" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2024-37898", "datePublished": "2024-07-31T15:12:22.468Z", "dateReserved": "2024-06-10T19:54:41.361Z", "dateUpdated": "2024-07-31T17:36:54.705Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-26471
Vulnerability from cvelistv5
Published
2023-03-02 18:28
Modified
2024-08-02 11:53
Summary
XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with the right of superadmin but in restricted mode (anything dangerous is disabled), but the async macro does not take into account the restricted mode. This means that any user with comment right can use the async macro to make it execute any wiki content with the right of superadmin. This has been patched in XWiki 14.9, 14.4.6, and 13.10.10. The only known workaround consists of applying a patch and rebuilding and redeploying `org.xwiki.platform:xwiki-platform-rendering-async-macro`.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9cqm-5wf7-wcj7 | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/00532d9f1404287cf3ec3a05056640d809516006 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20234 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 11.6-rc-1, < 13.10.10; >= 14.0, < 14.4.6; >= 14.5, < 14.9
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T11:53:52.772Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9cqm-5wf7-wcj7", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9cqm-5wf7-wcj7" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/00532d9f1404287cf3ec3a05056640d809516006", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/00532d9f1404287cf3ec3a05056640d809516006" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20234", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20234" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 11.6-rc-1, \u003c 13.10.10" }, { "status": "affected", "version": "\u003e= 14.0, \u003c 14.4.6" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.9" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 11.6-rc-1, comments are supposed to be executed with the right of superadmin but in restricted mode (anything dangerous is disabled), but the async macro does not take into account the restricted mode. This means that any user with comment right can use the async macro to make it execute any wiki content with the right of superadmin. This has been patched in XWiki 14.9, 14.4.6, and 13.10.10. The only known workaround consists of applying a patch and rebuilding and redeploying `org.xwiki.platform:xwiki-platform-rendering-async-macro`." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-284", "description": "CWE-284: Improper Access Control", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-03-02T18:28:52.037Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9cqm-5wf7-wcj7", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9cqm-5wf7-wcj7" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/00532d9f1404287cf3ec3a05056640d809516006", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/00532d9f1404287cf3ec3a05056640d809516006" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20234", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20234" } ], "source": { "advisory": "GHSA-9cqm-5wf7-wcj7", "discovery": "UNKNOWN" }, "title": "XWiki Platform users may execute anything with superadmin right through comments and async macro" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-26471", "datePublished": "2023-03-02T18:28:52.037Z", "dateReserved": "2023-02-23T23:22:58.572Z", "dateUpdated": "2024-08-02T11:53:52.772Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-35150
Vulnerability from cvelistv5
Published
2023-06-23 16:26
Modified
2024-11-29 14:35
Severity
CVSS 3.1 base score 9.9 (Critical): CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L
Weakness
CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.4-m-2 and prior to versions 14.4.8, 14.10.4, and 15.0, any user with view right on any document can execute code with programming rights, leading to remote code execution, by crafting a URL with a dangerous payload; the advisory title places the vulnerable entry point in the Invitation application. The problem has been patched in XWiki 15.0, 14.10.4 and 14.4.8.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6mf5-36v9-3h2w | x_refsource_CONFIRM | |
https://github.com/xwiki/xwiki-platform/commit/b65220a4d86b8888791c3b643074ebca5c089a3a | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-20285 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform | >= 2.4-m-2, < 14.4.8; >= 14.5, < 14.10.4 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T16:23:59.330Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6mf5-36v9-3h2w", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6mf5-36v9-3h2w" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/b65220a4d86b8888791c3b643074ebca5c089a3a", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/b65220a4d86b8888791c3b643074ebca5c089a3a" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20285", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20285" } ], "title": "CVE Program Container" }, { "metrics": [ { "other": { "content": { "id": "CVE-2023-35150", "options": [ { "Exploitation": "poc" }, { "Automatable": "no" }, { "Technical Impact": "total" } ], "role": "CISA Coordinator", "timestamp": "2024-11-29T14:35:08.323042Z", "version": "2.0.3" }, "type": "ssvc" } } ], "providerMetadata": { "dateUpdated": "2024-11-29T14:35:16.356Z", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP" }, "title": "CISA ADP Vulnrichment" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 2.4-m-2, \u003c 14.4.8" }, { "status": "affected", "version": "\u003e= 14.5, \u003c 14.10.4" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 2.40m-2 and prior to versions 14.4.8, 14.10.4, and 15.0, any user with view rights on any document can execute code with programming rights, leading to remote code execution by crafting an url with a dangerous payload. 
The problem has been patched in XWiki 15.0, 14.10.4 and 14.4.8." } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-06-23T16:26:55.213Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6mf5-36v9-3h2w", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6mf5-36v9-3h2w" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/b65220a4d86b8888791c3b643074ebca5c089a3a", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/b65220a4d86b8888791c3b643074ebca5c089a3a" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20285", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20285" } ], "source": { "advisory": "GHSA-6mf5-36v9-3h2w", "discovery": "UNKNOWN" }, "title": "XWiki Platform vulnerable to privilege escalation (PR) from view right via Invitation application" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-35150", "datePublished": "2023-06-23T16:26:55.213Z", "dateReserved": "2023-06-14T14:17:52.177Z", "dateUpdated": "2024-11-29T14:35:16.356Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41932
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2024-08-03 12:56
Severity
CVSS 3.1 base score 7.5 (High): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Weakness
CWE-400: Uncontrolled Resource Consumption
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. An unauthenticated attacker can make XWiki create many new database schemas and fill them with tables simply by submitting a crafted user identifier in the login form; the advisory title scopes this to instances backed by PostgreSQL. This may lead to degraded database performance. The problem has been patched in XWiki 13.10.8, 14.6RC1 and 14.4.2. Users are advised to upgrade. There are no known workarounds for this issue.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4x5r-6v26-7j4v | | |
https://jira.xwiki.org/browse/XWIKI-19886 | |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform | < 13.10.8; >= 14.0.0, < 14.4.2; >= 14.5.0, < 14.6-rc-1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.534Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4x5r-6v26-7j4v" }, { "tags": [ "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19886" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 13.10.8" }, { "status": "affected", "version": "\u003e= 14.0.0, \u003c 14.4.2" }, { "status": "affected", "version": "\u003e= 14.5.0, \u003c 14.6-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It\u0027s possible to make XWiki create many new schemas and fill them with tables just by using a crafted user identifier in the login form. This may lead to degraded database performance. The problem has been patched in XWiki 13.10.8, 14.6RC1 and 14.4.2. Users are advised to upgrade. There are no known workarounds for this issue." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-400", "description": "CWE-400: Uncontrolled Resource Consumption", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-23T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4x5r-6v26-7j4v" }, { "url": "https://jira.xwiki.org/browse/XWIKI-19886" } ], "source": { "advisory": "GHSA-4x5r-6v26-7j4v", "discovery": "UNKNOWN" }, "title": "Creation of new database tables through login form on PostgreSQL" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-41932", "datePublished": "2022-11-23T00:00:00", "dateReserved": "2022-09-30T00:00:00", "dateUpdated": "2024-08-03T12:56:38.534Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29527
Vulnerability from cvelistv5
Published
2023-04-18 22:53
Modified
2024-08-02 14:14
Severity
CVSS 3.1 base score 10.0 (Critical): CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Weakness
CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions, a user without script or programming right can edit a user profile (or any other document) with the wiki editor and add Groovy script content. Viewing the document after it is saved executes the Groovy script in the server context, which yields code execution; the advisory title attributes this to the App Within Minutes (AWM) view sheet. This vulnerability has been patched in XWiki 15.0-rc-1 and 14.10.3. Users are advised to upgrade. There are no known workarounds for this issue.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jgrg-qvpp-9vwr | x_refsource_CONFIRM | |
https://jira.xwiki.org/browse/XWIKI-20423 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform | >= 7.4.4, < 14.10.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:14:38.641Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jgrg-qvpp-9vwr", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jgrg-qvpp-9vwr" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20423", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20423" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 7.4.4, \u003c 14.10.3" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions a user without script or programming right may edit a user profile (or any other document) with the wiki editor and add groovy script content. Viewing the document after saving it will execute the groovy script in the server context which provides code execution. This vulnerability has been patched in XWiki 15.0-rc-1 and 14.10.3. Users are advised to upgrade. There are no known workarounds for this issue." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T22:53:41.740Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jgrg-qvpp-9vwr", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jgrg-qvpp-9vwr" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20423", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20423" } ], "source": { "advisory": "GHSA-jgrg-qvpp-9vwr", "discovery": "UNKNOWN" }, "title": "Code injection from account through AWM view sheet in xwiki platform" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29527", "datePublished": "2023-04-18T22:53:41.740Z", "dateReserved": "2023-04-07T18:56:54.629Z", "dateUpdated": "2024-08-02T14:14:38.641Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-41927
Vulnerability from cvelistv5
Published
2022-11-23 00:00
Modified
2024-08-03 12:56
Severity
CVSS 3.1 base score 7.4 (High): CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
Weakness
CWE-352: Cross-Site Request Forgery (CSRF)
Summary
XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that allows an attacker to make a victim's browser delete or rename tags without any confirmation step. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workaround: existing instances can be patched directly by editing the page Main.Tags and adding a CSRF token check of this kind to both the rename and the delete code paths:

```velocity
## Reject the request unless it carries the CSRF token XWiki issued for this session
#if (!$services.csrf.isTokenValid($request.get('form_token')))
  #set ($discard = $response.sendError(401, "Wrong CSRF token"))
#end
```

Note that `$response.sendError()` does not stop the rest of the Velocity script from running, so the rename or delete logic must be placed where it is skipped when the token is invalid (for example inside an `#else` branch of this check) rather than simply after it.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f | | |
https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e | |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform | >= 3.2-milestone-2, < 13.10.7; >= 14.0.0, < 14.4.1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T12:56:38.542Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f" }, { "tags": [ "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 3.2-milestone-2, \u003c 13.10.7" }, { "status": "affected", "version": "\u003e= 14.0.0, \u003c 14.4.1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It\u0027s possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: ``` #if (!$services.csrf.isTokenValid($request.get(\u0027form_token\u0027))) #set ($discard = $response.sendError(401, \"Wrong CSRF token\")) #end ```" } ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-352", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-11-23T00:00:00", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ 
{ "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f" }, { "url": "https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e" } ], "source": { "advisory": "GHSA-mq7h-5574-hw9f", "discovery": "UNKNOWN" }, "title": "XWiki Platform vulnerable to Cross-Site Request Forgery (CSRF) allowing to delete or rename tags" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-41927", "datePublished": "2022-11-23T00:00:00", "dateReserved": "2022-09-30T00:00:00", "dateUpdated": "2024-08-03T12:56:38.542Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-29258
Vulnerability from cvelistv5
Published
2022-05-31 16:45
Modified
2024-08-03 06:17
Severity
CVSS 3.1 base score 7.4 (High): CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N
Weakness
CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)
CWE-116: Improper Encoding or Escaping of Output
Summary
XWiki Platform Filter UI provides a generic user interface for converting an XWiki Filter input stream to an output stream, with settings for each stream. Starting with versions 6.0-milestone-2 and 5.4.4 and prior to versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3, the `Filter.FilterStreamDescriptorForm` wiki page contains a cross-site scripting vector affecting nearly all of the form fields rendered on the application's home page. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest workaround is to edit the wiki page `Filter.FilterStreamDescriptorForm` (with the wiki editor) according to the instructions in the GitHub Security Advisory.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xjfw-5vv5-vjq2 | x_refsource_CONFIRM | |
https://github.com/xwiki/xwiki-platform/commit/21906acb5ee2304552f56f9bbdbf8e7d368f7f3a | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-19293 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform | >= 5.4.4, <= 6.0-milestone-2; >= 6.0-milestone-2, < 12.10.11; >= 13.0.0, < 13.4.7; >= 13.5.0, < 13.10.3 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T06:17:54.474Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xjfw-5vv5-vjq2" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/21906acb5ee2304552f56f9bbdbf8e7d368f7f3a" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19293" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 5.4.4, \u003c= 6.0-milestone-2" }, { "status": "affected", "version": "\u003e= 6.0-milestone-2, \u003c 12.10.11" }, { "status": "affected", "version": "\u003e= 13.0.0, \u003c 13.4.7" }, { "status": "affected", "version": "\u003e= 13.5.0, \u003c 13.10.3" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform Filter UI provides a generic user interface to convert from a XWiki Filter input stream to an output stream with settings for each stream. Starting with versions 6.0-milestone-2 and 5.4.4 and prior to versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3, XWiki Platform Filter UI contains a possible cross-site scripting vector in the `Filter.FilterStreamDescriptorForm` wiki page related to pretty much all the form fields printed in the home page of the application. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest workaround is to edit the wiki page `Filter.FilterStreamDescriptorForm` (with wiki editor) according to the instructions in the GitHub Security Advisory." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-80", "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-116", "description": "CWE-116: Improper Encoding or Escaping of Output", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-05-31T16:45:11", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xjfw-5vv5-vjq2" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/21906acb5ee2304552f56f9bbdbf8e7d368f7f3a" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19293" } ], "source": { "advisory": "GHSA-xjfw-5vv5-vjq2", "discovery": "UNKNOWN" }, "title": "Cross-site Scripting in Filter Stream Converter Application in XWiki Platform", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-29258", "STATE": "PUBLIC", "TITLE": "Cross-site Scripting in Filter Stream Converter Application in XWiki Platform" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003e= 5.4.4, \u003c= 6.0-milestone-2" }, { "version_value": "\u003e= 6.0-milestone-2, \u003c 12.10.11" }, { "version_value": "\u003e= 13.0.0, \u003c 13.4.7" }, { "version_value": "\u003e= 13.5.0, \u003c 13.10.3" 
} ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform Filter UI provides a generic user interface to convert from a XWiki Filter input stream to an output stream with settings for each stream. Starting with versions 6.0-milestone-2 and 5.4.4 and prior to versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3, XWiki Platform Filter UI contains a possible cross-site scripting vector in the `Filter.FilterStreamDescriptorForm` wiki page related to pretty much all the form fields printed in the home page of the application. The issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, and 13.10.3. The easiest workaround is to edit the wiki page `Filter.FilterStreamDescriptorForm` (with wiki editor) according to the instructions in the GitHub Security Advisory." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)" } ] }, { "description": [ { "lang": "eng", "value": "CWE-116: Improper Encoding or Escaping of Output" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xjfw-5vv5-vjq2", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xjfw-5vv5-vjq2" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/21906acb5ee2304552f56f9bbdbf8e7d368f7f3a", "refsource": "MISC", "url": 
"https://github.com/xwiki/xwiki-platform/commit/21906acb5ee2304552f56f9bbdbf8e7d368f7f3a" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19293", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-19293" } ] }, "source": { "advisory": "GHSA-xjfw-5vv5-vjq2", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-29258", "datePublished": "2022-05-31T16:45:11", "dateReserved": "2022-04-13T00:00:00", "dateUpdated": "2024-08-03T06:17:54.474Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-50723
Vulnerability from cvelistv5
Published
2023-12-15 19:02
Modified
2024-08-02 22:16
Severity
CVSS 3.1 base score 10.0 (Critical): CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Weakness
CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CWE-94: Improper Control of Generation of Code ('Code Injection')
Summary
XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit any wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code that displays sections in the administration interface. This impacts the confidentiality, integrity and availability of the whole XWiki installation. Since users are normally allowed to edit their own user profile, this is exploitable by every user of the instance. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patches can be applied manually to the `XWiki.ConfigurableClassMacros` and `XWiki.ConfigurableClass` pages.
References
▼ | URL | Tags |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qj86-p74r-7wp5 | x_refsource_CONFIRM | |
https://github.com/xwiki/xwiki-platform/commit/0f367aaae4e0696f61cf5a67a75edd27d1d16db6 | x_refsource_MISC | |
https://github.com/xwiki/xwiki-platform/commit/1157c1ecea395aac7f64cd8a6f484b1225416dc7 | x_refsource_MISC | |
https://github.com/xwiki/xwiki-platform/commit/749f6aee1bfbcf191c3734ea0aa9eba3aa63240e | x_refsource_MISC | |
https://github.com/xwiki/xwiki-platform/commit/bd82be936c21b65dee367d558e3050b9b6995713 | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-21121 | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-21122 | x_refsource_MISC | |
https://jira.xwiki.org/browse/XWIKI-21194 | x_refsource_MISC |
Impacted products
Vendor | Product | Version | |
---|---|---|---|
▼ | xwiki | xwiki-platform | >= 2.3, < 14.10.15; >= 15.0-rc-1, < 15.5.2; >= 15.6-rc-1, < 15.7-rc-1 |
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T22:16:47.297Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qj86-p74r-7wp5", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qj86-p74r-7wp5" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/0f367aaae4e0696f61cf5a67a75edd27d1d16db6", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/0f367aaae4e0696f61cf5a67a75edd27d1d16db6" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/1157c1ecea395aac7f64cd8a6f484b1225416dc7", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/1157c1ecea395aac7f64cd8a6f484b1225416dc7" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/749f6aee1bfbcf191c3734ea0aa9eba3aa63240e", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/749f6aee1bfbcf191c3734ea0aa9eba3aa63240e" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/bd82be936c21b65dee367d558e3050b9b6995713", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/bd82be936c21b65dee367d558e3050b9b6995713" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21121", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-21121" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21122", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-21122" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21194", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-21194" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": 
"xwiki", "versions": [ { "status": "affected", "version": "\u003e= 2.3, \u003c 14.10.15" }, { "status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.5.2" }, { "status": "affected", "version": "\u003e= 15.6-rc-1, \u003c 15.7-rc-1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in 2.3 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, anyone who can edit an arbitrary wiki page in an XWiki installation can gain programming right through several cases of missing escaping in the code for displaying sections in the administration interface. This impacts the confidentiality, integrity and availability of the whole XWiki installation. Normally, all users are allowed to edit their own user profile so this should be exploitable by all users of the XWiki instance. This has been fixed in XWiki 14.10.15, 15.5.2 and 15.7RC1. The patches can be manually applied to the `XWiki.ConfigurableClassMacros` and `XWiki.ConfigurableClass` pages." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-95", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)", "lang": "en", "type": "CWE" } ] }, { "descriptions": [ { "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-12-15T19:02:57.939Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qj86-p74r-7wp5", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qj86-p74r-7wp5" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/0f367aaae4e0696f61cf5a67a75edd27d1d16db6", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/0f367aaae4e0696f61cf5a67a75edd27d1d16db6" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/1157c1ecea395aac7f64cd8a6f484b1225416dc7", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/1157c1ecea395aac7f64cd8a6f484b1225416dc7" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/749f6aee1bfbcf191c3734ea0aa9eba3aa63240e", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/749f6aee1bfbcf191c3734ea0aa9eba3aa63240e" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/bd82be936c21b65dee367d558e3050b9b6995713", "tags": [ "x_refsource_MISC" ], "url": 
"https://github.com/xwiki/xwiki-platform/commit/bd82be936c21b65dee367d558e3050b9b6995713" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21121", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-21121" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21122", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-21122" }, { "name": "https://jira.xwiki.org/browse/XWIKI-21194", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-21194" } ], "source": { "advisory": "GHSA-qj86-p74r-7wp5", "discovery": "UNKNOWN" }, "title": "XWiki Platform remote code execution/programming rights with configuration section from any user account" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-50723", "datePublished": "2023-12-15T19:02:57.939Z", "dateReserved": "2023-12-11T17:53:36.031Z", "dateUpdated": "2024-08-02T22:16:47.297Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2022-36092
Vulnerability from cvelistv5
Published
2022-09-08 17:15
Modified
2024-08-03 09:52
Summary
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 14.2 and 13.10.4, all rights checks that would normally prevent a user from viewing a document on a wiki can be bypassed using the login action and directly specified templates. This exposes title, content and comments of any document and properties of objects, though class and property name must be known. This is also exploitable on private wikis. This has been patched in versions 14.2 and 13.10.4 by properly checking view rights before loading documents and disallowing non-default templates in the login, registration and skin action. As a workaround, it would be possible to protect all templates individually by adding code to check access rights first.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8h89-34w2-jpfm | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/71a6d0bb6f8ab718fcfaae0e9b8c16c2d69cd4bb | x_refsource_MISC
https://github.com/xwiki/xwiki-platform/commit/9b7057d57a941592d763992d4299456300918208 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-18602 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-19549 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | < 13.10.4; >= 14.0, < 14.2
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-03T09:52:00.519Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8h89-34w2-jpfm" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/71a6d0bb6f8ab718fcfaae0e9b8c16c2d69cd4bb" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/9b7057d57a941592d763992d4299456300918208" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-18602" }, { "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-19549" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 13.10.4" }, { "status": "affected", "version": "\u003e= 14.0, \u003c 14.2" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 14.2 and 13.10.4, all rights checks that would normally prevent a user from viewing a document on a wiki can be bypassed using the login action and directly specified templates. This exposes title, content and comments of any document and properties of objects, though class and property name must be known. This is also exploitable on private wikis. This has been patched in versions 14.2 and 13.10.4 by properly checking view rights before loading documents and disallowing non-default templates in the login, registration and skin action. As a workaround, it would be possible to protect all templates individually by adding code to check access rights first." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-287", "description": "CWE-287: Improper Authentication", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2022-09-08T17:15:15", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8h89-34w2-jpfm" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/71a6d0bb6f8ab718fcfaae0e9b8c16c2d69cd4bb" }, { "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/9b7057d57a941592d763992d4299456300918208" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-18602" }, { "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-19549" } ], "source": { "advisory": "GHSA-8h89-34w2-jpfm", "discovery": "UNKNOWN" }, "title": "XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action", "x_legacyV4Record": { "CVE_data_meta": { "ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-36092", "STATE": "PUBLIC", "TITLE": "XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action" }, "affects": { "vendor": { "vendor_data": [ { "product": { "product_data": [ { "product_name": "xwiki-platform", "version": { "version_data": [ { "version_value": "\u003c 13.10.4" }, { "version_value": "\u003e= 14.0, \u003c 14.2" } ] } } ] }, "vendor_name": "xwiki" } ] } }, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", 
"description": { "description_data": [ { "lang": "eng", "value": "XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 14.2 and 13.10.4, all rights checks that would normally prevent a user from viewing a document on a wiki can be bypassed using the login action and directly specified templates. This exposes title, content and comments of any document and properties of objects, though class and property name must be known. This is also exploitable on private wikis. This has been patched in versions 14.2 and 13.10.4 by properly checking view rights before loading documents and disallowing non-default templates in the login, registration and skin action. As a workaround, it would be possible to protect all templates individually by adding code to check access rights first." } ] }, "impact": { "cvss": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1" } }, "problemtype": { "problemtype_data": [ { "description": [ { "lang": "eng", "value": "CWE-287: Improper Authentication" } ] } ] }, "references": { "reference_data": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8h89-34w2-jpfm", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8h89-34w2-jpfm" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/71a6d0bb6f8ab718fcfaae0e9b8c16c2d69cd4bb", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/71a6d0bb6f8ab718fcfaae0e9b8c16c2d69cd4bb" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/9b7057d57a941592d763992d4299456300918208", "refsource": "MISC", "url": 
"https://github.com/xwiki/xwiki-platform/commit/9b7057d57a941592d763992d4299456300918208" }, { "name": "https://jira.xwiki.org/browse/XWIKI-18602", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-18602" }, { "name": "https://jira.xwiki.org/browse/XWIKI-19549", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-19549" } ] }, "source": { "advisory": "GHSA-8h89-34w2-jpfm", "discovery": "UNKNOWN" } } } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-36092", "datePublished": "2022-09-08T17:15:15", "dateReserved": "2022-07-15T00:00:00", "dateUpdated": "2024-08-03T09:52:00.519Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-29514
Vulnerability from cvelistv5
Published
2023-04-18 23:48
Modified
2024-08-02 14:07
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on any document (e.g., their own user profile) can execute code with programming rights, leading to remote code execution. This vulnerability has been patched in XWiki 13.10.11, 14.4.8, 14.10.1 and 15.0 RC1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9j36-3cp4-rh4j | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/7bf7094f8ffac095f5d66809af7554c9cc44de09 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20268 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | < 13.10.11; >= 14.0.0, < 14.4.8; >= 14.5.0, < 14.10.1
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T14:07:46.425Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9j36-3cp4-rh4j", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9j36-3cp4-rh4j" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/7bf7094f8ffac095f5d66809af7554c9cc44de09", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/7bf7094f8ffac095f5d66809af7554c9cc44de09" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20268", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20268" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003c 13.10.11" }, { "status": "affected", "version": "\u003e= 14.0.0, \u003c 14.4.8" }, { "status": "affected", "version": "\u003e= 14.5.0, \u003c 14.10.1" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on any document (e.g., their own user profile) can execute code with programming rights, leading to remote code execution. This vulnerability has been patched in XWiki 13.10.11, 14.4.8, 14.10.1 and 15.0 RC1. Users are advised to upgrade. There are no known workarounds for this vulnerability." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-04-18T23:48:12.348Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9j36-3cp4-rh4j", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9j36-3cp4-rh4j" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/7bf7094f8ffac095f5d66809af7554c9cc44de09", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/7bf7094f8ffac095f5d66809af7554c9cc44de09" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20268", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20268" } ], "source": { "advisory": "GHSA-9j36-3cp4-rh4j", "discovery": "UNKNOWN" }, "title": "Code injection in template provider administration in xwiki-platform" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-29514", "datePublished": "2023-04-18T23:48:12.348Z", "dateReserved": "2023-04-07T18:56:54.627Z", "dateUpdated": "2024-08-02T14:07:46.425Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
cve-2023-32069
Vulnerability from cvelistv5
Published
2023-05-09 15:31
Modified
2024-08-02 15:03
Summary
XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-2 and prior to versions 14.10.4 and 15.0-rc-1, it's possible for a user to execute anything with the right of the author of the XWiki.ClassSheet document. This has been patched in XWiki 15.0-rc-1 and 14.10.4. There are no known workarounds.
References
URL | Tags
---|---
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-36fm-j33w-c25f | x_refsource_CONFIRM
https://github.com/xwiki/xwiki-platform/commit/de72760d4a3e1e9be64a10660a0c19e9534e2ec4 | x_refsource_MISC
https://jira.xwiki.org/browse/XWIKI-20566 | x_refsource_MISC
Impacted products
Vendor | Product | Version
---|---|---
xwiki | xwiki-platform | >= 3.3-milestone-3, < 14.10.4
{ "containers": { "adp": [ { "providerMetadata": { "dateUpdated": "2024-08-02T15:03:28.816Z", "orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-36fm-j33w-c25f", "tags": [ "x_refsource_CONFIRM", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-36fm-j33w-c25f" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/de72760d4a3e1e9be64a10660a0c19e9534e2ec4", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://github.com/xwiki/xwiki-platform/commit/de72760d4a3e1e9be64a10660a0c19e9534e2ec4" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20566", "tags": [ "x_refsource_MISC", "x_transferred" ], "url": "https://jira.xwiki.org/browse/XWIKI-20566" } ], "title": "CVE Program Container" } ], "cna": { "affected": [ { "product": "xwiki-platform", "vendor": "xwiki", "versions": [ { "status": "affected", "version": "\u003e= 3.3-milestone-3, \u003c 14.10.4" } ] } ], "descriptions": [ { "lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-2 and prior to versions 14.10.4 and 15.0-rc-1, it\u0027s possible for a user to execute anything with the right of the author of the XWiki.ClassSheet document. This has been patched in XWiki 15.0-rc-1 and 14.10.4. There are no known workarounds." 
} ], "metrics": [ { "cvssV3_1": { "attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1" } } ], "problemTypes": [ { "descriptions": [ { "cweId": "CWE-863", "description": "CWE-863: Incorrect Authorization", "lang": "en", "type": "CWE" } ] } ], "providerMetadata": { "dateUpdated": "2023-05-09T15:31:59.892Z", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M" }, "references": [ { "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-36fm-j33w-c25f", "tags": [ "x_refsource_CONFIRM" ], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-36fm-j33w-c25f" }, { "name": "https://github.com/xwiki/xwiki-platform/commit/de72760d4a3e1e9be64a10660a0c19e9534e2ec4", "tags": [ "x_refsource_MISC" ], "url": "https://github.com/xwiki/xwiki-platform/commit/de72760d4a3e1e9be64a10660a0c19e9534e2ec4" }, { "name": "https://jira.xwiki.org/browse/XWIKI-20566", "tags": [ "x_refsource_MISC" ], "url": "https://jira.xwiki.org/browse/XWIKI-20566" } ], "source": { "advisory": "GHSA-36fm-j33w-c25f", "discovery": "UNKNOWN" }, "title": "XWiki Platform privilege escalation (PR)/RCE from account through class sheet" } }, "cveMetadata": { "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2023-32069", "datePublished": "2023-05-09T15:31:59.892Z", "dateReserved": "2023-05-01T16:47:35.314Z", "dateUpdated": "2024-08-02T15:03:28.816Z", "state": "PUBLISHED" }, "dataType": "CVE_RECORD", "dataVersion": "5.1" }
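Reading the affected-version ranges in these records by hand is error-prone: the cvelistv5 `version` strings arrive with `\u003c` and `\u003e` escapes, mix open and closed bounds, and place pre-releases such as `15.0-rc-1` and `3.3-milestone-3` next to final releases. The script below is an added example, not code from XWiki or from the CVE program. It loads a constructed, trimmed copy of the four records on this page (only `cveMetadata.cveId` and `containers.cna.affected` are kept) and reports which of them cover a given installed XWiki version. The pre-release ordering it assumes (milestone before rc before the final release of the same number) is an assumption about XWiki's version scheme, not something the records state.

```python
"""Triage an installed XWiki version against cvelistv5 affected-version ranges.

Added example for this page; not XWiki's or the CVE program's own code.
"""
import json
import operator
import re

# Constructed sample: the affected-version data of the four records above, trimmed
# to the fields this script reads, with the \u003c / \u003e escapes left exactly as
# cvelistv5 JSON carries them (json.loads decodes them to < and >).
SAMPLE_RECORDS_JSON = r'''[
 {"cveMetadata": {"cveId": "CVE-2023-50723"},
  "containers": {"cna": {"affected": [{"product": "xwiki-platform", "vendor": "xwiki", "versions": [
    {"status": "affected", "version": "\u003e= 2.3, \u003c 14.10.15"},
    {"status": "affected", "version": "\u003e= 15.0-rc-1, \u003c 15.5.2"},
    {"status": "affected", "version": "\u003e= 15.6-rc-1, \u003c 15.7-rc-1"}]}]}}},
 {"cveMetadata": {"cveId": "CVE-2022-36092"},
  "containers": {"cna": {"affected": [{"product": "xwiki-platform", "vendor": "xwiki", "versions": [
    {"status": "affected", "version": "\u003c 13.10.4"},
    {"status": "affected", "version": "\u003e= 14.0, \u003c 14.2"}]}]}}},
 {"cveMetadata": {"cveId": "CVE-2023-29514"},
  "containers": {"cna": {"affected": [{"product": "xwiki-platform", "vendor": "xwiki", "versions": [
    {"status": "affected", "version": "\u003c 13.10.11"},
    {"status": "affected", "version": "\u003e= 14.0.0, \u003c 14.4.8"},
    {"status": "affected", "version": "\u003e= 14.5.0, \u003c 14.10.1"}]}]}}},
 {"cveMetadata": {"cveId": "CVE-2023-32069"},
  "containers": {"cna": {"affected": [{"product": "xwiki-platform", "vendor": "xwiki", "versions": [
    {"status": "affected", "version": "\u003e= 3.3-milestone-3, \u003c 14.10.4"}]}]}}}
]'''

# Assumed XWiki pre-release order: milestone < rc < final release of the same number.
_PRE_RANK = {"milestone": 0, "rc": 1}
_FINAL_RANK = len(_PRE_RANK)
_VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:-?(milestone|rc)-?(\d+))?")
_CONSTRAINT_RE = re.compile(r"(<=|>=|<|>|=)?\s*(\S+)")
_OPS = {"<": operator.lt, "<=": operator.le, ">": operator.gt, ">=": operator.ge, "=": operator.eq}


def parse_version(text):
    """Turn '14.10.15', '15.0-rc-1', '3.3-milestone-3' or '15.7RC1' into a sortable tuple."""
    m = _VERSION_RE.fullmatch(text.strip().lower())
    if not m:
        raise ValueError(f"unrecognised XWiki version: {text!r}")
    numbers = [int(n) for n in m.group(1).split(".")]
    numbers += [0] * (4 - len(numbers))  # 14.10 sorts as 14.10.0.0
    if m.group(2):
        pre = (_PRE_RANK[m.group(2)], int(m.group(3)))
    else:
        pre = (_FINAL_RANK, 0)  # a final release sorts after every pre-release of it
    return tuple(numbers) + pre


def parse_range(spec):
    """'>= 14.0, < 14.2' -> [('>=', key), ('<', key)]; a bare version means '='."""
    constraints = []
    for part in spec.split(","):
        m = _CONSTRAINT_RE.fullmatch(part.strip())
        if not m:
            raise ValueError(f"unrecognised constraint: {part!r}")
        constraints.append((m.group(1) or "=", parse_version(m.group(2))))
    return constraints


def version_in_range(version, spec):
    """True when every bound of the cvelistv5 range string holds for version."""
    key = parse_version(version)
    return all(_OPS[op](key, bound) for op, bound in parse_range(spec))


def affected_cves(installed_version, records):
    """CVE ids, in record order, whose 'affected' ranges contain installed_version."""
    hits = []
    for rec in records:
        ranges = (
            entry["version"]
            for product in rec["containers"]["cna"]["affected"]
            for entry in product["versions"]
            if entry.get("status") == "affected"
        )
        if any(version_in_range(installed_version, r) for r in ranges):
            hits.append(rec["cveMetadata"]["cveId"])
    return hits


def triage(installed_version, records_json=SAMPLE_RECORDS_JSON):
    """Decode the raw cvelistv5 JSON text and triage one installed version against it."""
    return affected_cves(installed_version, json.loads(records_json))


if __name__ == "__main__":
    for v in ("14.10.1", "15.5.2", "15.6-rc-1", "15.7-rc-1", "3.3-milestone-2"):
        print(v, "->", triage(v) or "not affected by these records")
```

The upper bounds are exclusive, so `15.7-rc-1` is reported clean for CVE-2023-50723 while `15.6-rc-1` is not, and `14.10.1` is clean for CVE-2023-29514 but still inside the ranges of CVE-2023-50723 and CVE-2023-32069. To triage a real instance, replace the constructed sample with the full records fetched from the CVE list; the script only reads the two fields shown.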