cnvd - cnvd-2022-86389

cnvd-2022-86389

Vulnerability from cnvd

Title: XWiki Platform代码注入漏洞

Description:

XWiki Platform是法国XWiki公司的一套用于创建Web协作应用程序的Wiki平台。

XWiki Platform存在代码注入漏洞。该漏洞源于宏内容和菜单宏参数未正确转义，攻击者可利用漏洞执行任意Groovy、Python或Velocity代码。

Severity: 高

Patch Name: XWiki Platform代码注入漏洞的补丁

Patch Description:

XWiki Platform是法国XWiki公司的一套用于创建Web协作应用程序的Wiki平台。

XWiki Platform存在代码注入漏洞。该漏洞源于宏内容和菜单宏参数未正确转义，攻击者可利用漏洞执行任意Groovy、Python或Velocity代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6w8h-26xx-cf8q

Reference: https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6w8h-26xx-cf8q

Impacted products

Name
['XWiki XWiki Platform <13.10.8', 'XWiki XWiki Platform 14.4.4', 'XWiki XWiki Platform >=14.0.0，<14.4.3', 'XWiki XWiki Platform 14.4.5']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2022-41934",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2022-41934"
    }
  },
  "description": "XWiki Platform\u662f\u6cd5\u56fdXWiki\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u521b\u5efaWeb\u534f\u4f5c\u5e94\u7528\u7a0b\u5e8f\u7684Wiki\u5e73\u53f0\u3002\n\nXWiki Platform\u5b58\u5728\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5b8f\u5185\u5bb9\u548c\u83dc\u5355\u5b8f\u53c2\u6570\u672a\u6b63\u786e\u8f6c\u4e49\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u6267\u884c\u4efb\u610fGroovy\u3001Python\u6216Velocity\u4ee3\u7801\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6w8h-26xx-cf8q",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-86389",
  "openTime": "2022-12-06",
  "patchDescription": "XWiki Platform\u662f\u6cd5\u56fdXWiki\u516c\u53f8\u7684\u4e00\u5957\u7528\u4e8e\u521b\u5efaWeb\u534f\u4f5c\u5e94\u7528\u7a0b\u5e8f\u7684Wiki\u5e73\u53f0\u3002\r\n\r\nXWiki Platform\u5b58\u5728\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\u3002\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5b8f\u5185\u5bb9\u548c\u83dc\u5355\u5b8f\u53c2\u6570\u672a\u6b63\u786e\u8f6c\u4e49\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u6f0f\u6d1e\u6267\u884c\u4efb\u610fGroovy\u3001Python\u6216Velocity\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "XWiki Platform\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "XWiki XWiki Platform \u003c13.10.8",
      "XWiki XWiki Platform 14.4.4",
      "XWiki XWiki Platform \u003e=14.0.0\uff0c\u003c14.4.3",
      "XWiki XWiki Platform 14.4.5"
    ]
  },
  "referenceLink": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6w8h-26xx-cf8q",
  "serverity": "\u9ad8",
  "submitTime": "2022-11-25",
  "title": "XWiki Platform\u4ee3\u7801\u6ce8\u5165\u6f0f\u6d1e"
}

CVE-2022-41934 (GCVE-0-2022-41934)

Vulnerability from cvelistv5

Published

2022-11-23 00:00

Modified

2025-04-22 16:00

Severity ?

9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

Summary

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation due to improper escaping of the macro content and parameters of the menu macro. The problem has been patched in XWiki 14.6RC1, 13.10.8 and 14.4.3. The patch (commit `2fc20891`) for the document `Menu.MenuMacro` can be manually applied or a XAR archive of a patched version can be imported. The menu macro was basically unchanged since XWiki 11.6 so on XWiki 11.6 or later the patch for version of 13.10.8 (commit `59ccca24a`) can most likely be applied, on XWiki version 14.0 and later the versions in XWiki 14.6 and 14.4.3 should be appropriate.

References

▼	URL	Tags
	https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6w8h-26xx-cf8q
	https://github.com/xwiki/xwiki-platform/commit/2fc20891e6c6b0ca05ee07e315e7f435e8919f8d
	https://github.com/xwiki/xwiki-platform/commit/59ccca24a8465a19f40c51d65fcc2c09c1edea16
	https://jira.xwiki.org/browse/XWIKI-19857
	https://www.xwiki.org/xwiki/bin/view/Documentation/UserGuide/Features/Imports#HImportingXWikipages

Impacted products

	Vendor	Product	Version
	xwiki	xwiki-platform	Version: < 13.10.8 Version: >= 14.0.0, < 14.4.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:56:38.543Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6w8h-26xx-cf8q"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/xwiki/xwiki-platform/commit/2fc20891e6c6b0ca05ee07e315e7f435e8919f8d"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/xwiki/xwiki-platform/commit/59ccca24a8465a19f40c51d65fcc2c09c1edea16"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.xwiki.org/browse/XWIKI-19857"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.xwiki.org/xwiki/bin/view/Documentation/UserGuide/Features/Imports#HImportingXWikipages"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-41934",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T15:40:19.421791Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T16:00:50.588Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xwiki-platform",
          "vendor": "xwiki",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 13.10.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 14.0.0, \u003c 14.4.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation due to improper escaping of the macro content and parameters of the menu macro. The problem has been patched in XWiki 14.6RC1, 13.10.8 and 14.4.3. The patch (commit `2fc20891`) for the document `Menu.MenuMacro` can be manually applied or a XAR archive of a patched version can be imported. The menu macro was basically unchanged since XWiki 11.6 so on XWiki 11.6 or later the patch for version of 13.10.8 (commit `59ccca24a`) can most likely be applied, on XWiki version 14.0 and later the versions in XWiki 14.6 and 14.4.3 should be appropriate."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-74",
              "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-23T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6w8h-26xx-cf8q"
        },
        {
          "url": "https://github.com/xwiki/xwiki-platform/commit/2fc20891e6c6b0ca05ee07e315e7f435e8919f8d"
        },
        {
          "url": "https://github.com/xwiki/xwiki-platform/commit/59ccca24a8465a19f40c51d65fcc2c09c1edea16"
        },
        {
          "url": "https://jira.xwiki.org/browse/XWIKI-19857"
        },
        {
          "url": "https://www.xwiki.org/xwiki/bin/view/Documentation/UserGuide/Features/Imports#HImportingXWikipages"
        }
      ],
      "source": {
        "advisory": "GHSA-6w8h-26xx-cf8q",
        "discovery": "UNKNOWN"
      },
      "title": "Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-menu-ui"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-41934",
    "datePublished": "2022-11-23T00:00:00.000Z",
    "dateReserved": "2022-09-30T00:00:00.000Z",
    "dateUpdated": "2025-04-22T16:00:50.588Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted