cve-2025-29924
Vulnerability from cvelistv5
Published
2025-03-19 17:31
Modified
2025-03-19 19:42
Severity ?
8.7 (High) - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Summary
XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, it's possible for an user to get access to private information through the REST API - but could also be through another API - when a sub wiki is using "Prevent unregistered users to view pages". The vulnerability only affects subwikis, and it only concerns specific right options such as "Prevent unregistered users to view pages". or "Prevent unregistered users to edit pages". It's possible to detect the vulnerability by enabling "Prevent unregistered users to view pages" and then trying to access a page through the REST API without using any credentials. The vulnerability has been patched in XWiki 15.10.14, 16.4.6 and 16.10.0RC1.
References
security-advisories@github.comhttps://github.com/xwiki/xwiki-platform/commit/5f98bde87288326cf5787604e2bb87836875ed0e
security-advisories@github.comhttps://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gq32-758c-3wm3
security-advisories@github.comhttps://jira.xwiki.org/browse/XWIKI-22640
134c704f-9b21-4f2e-91b3-4a467353bcc0https://jira.xwiki.org/browse/XWIKI-22640
Impacted products
Vendor Product Version
xwiki xwiki-platform Version: >= 6.1-rc-1, < 15.10.14
Version: >= 16.0.0-rc-1, < 16.4.6
Version: >= 16.5.0-rc-1, < 16.10.0-rc-1
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
   containers: {
      adp: [
         {
            metrics: [
               {
                  other: {
                     content: {
                        id: "CVE-2025-29924",
                        options: [
                           {
                              Exploitation: "poc",
                           },
                           {
                              Automatable: "yes",
                           },
                           {
                              "Technical Impact": "partial",
                           },
                        ],
                        role: "CISA Coordinator",
                        timestamp: "2025-03-19T19:42:02.841754Z",
                        version: "2.0.3",
                     },
                     type: "ssvc",
                  },
               },
            ],
            providerMetadata: {
               dateUpdated: "2025-03-19T19:42:06.757Z",
               orgId: "134c704f-9b21-4f2e-91b3-4a467353bcc0",
               shortName: "CISA-ADP",
            },
            references: [
               {
                  tags: [
                     "exploit",
                  ],
                  url: "https://jira.xwiki.org/browse/XWIKI-22640",
               },
            ],
            title: "CISA ADP Vulnrichment",
         },
      ],
      cna: {
         affected: [
            {
               product: "xwiki-platform",
               vendor: "xwiki",
               versions: [
                  {
                     status: "affected",
                     version: ">= 6.1-rc-1, < 15.10.14",
                  },
                  {
                     status: "affected",
                     version: ">= 16.0.0-rc-1, < 16.4.6",
                  },
                  {
                     status: "affected",
                     version: ">= 16.5.0-rc-1, < 16.10.0-rc-1",
                  },
               ],
            },
         ],
         descriptions: [
            {
               lang: "en",
               value: "XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, it's possible for an user to get access to private information through the REST API - but could also be through another API - when a sub wiki is using \"Prevent unregistered users to view pages\". The vulnerability only affects subwikis, and it only concerns specific right options such as \"Prevent unregistered users to view pages\". or \"Prevent unregistered users to edit pages\". It's possible to detect the vulnerability by enabling \"Prevent unregistered users to view pages\" and then trying to access a page through the REST API without using any credentials. The vulnerability has been patched in XWiki 15.10.14, 16.4.6 and 16.10.0RC1.",
            },
         ],
         metrics: [
            {
               cvssV4_0: {
                  attackComplexity: "LOW",
                  attackRequirements: "NONE",
                  attackVector: "NETWORK",
                  baseScore: 8.7,
                  baseSeverity: "HIGH",
                  privilegesRequired: "NONE",
                  subAvailabilityImpact: "NONE",
                  subConfidentialityImpact: "NONE",
                  subIntegrityImpact: "NONE",
                  userInteraction: "NONE",
                  vectorString: "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N",
                  version: "4.0",
                  vulnAvailabilityImpact: "NONE",
                  vulnConfidentialityImpact: "HIGH",
                  vulnIntegrityImpact: "NONE",
               },
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     cweId: "CWE-269",
                     description: "CWE-269: Improper Privilege Management",
                     lang: "en",
                     type: "CWE",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2025-03-19T17:32:49.726Z",
            orgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
            shortName: "GitHub_M",
         },
         references: [
            {
               name: "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gq32-758c-3wm3",
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gq32-758c-3wm3",
            },
            {
               name: "https://github.com/xwiki/xwiki-platform/commit/5f98bde87288326cf5787604e2bb87836875ed0e",
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://github.com/xwiki/xwiki-platform/commit/5f98bde87288326cf5787604e2bb87836875ed0e",
            },
            {
               name: "https://jira.xwiki.org/browse/XWIKI-22640",
               tags: [
                  "x_refsource_MISC",
               ],
               url: "https://jira.xwiki.org/browse/XWIKI-22640",
            },
         ],
         source: {
            advisory: "GHSA-gq32-758c-3wm3",
            discovery: "UNKNOWN",
         },
         title: "XWiki uses the wrong wiki reference in AuthorizationManager",
      },
   },
   cveMetadata: {
      assignerOrgId: "a0819718-46f1-4df5-94e2-005712e83aaa",
      assignerShortName: "GitHub_M",
      cveId: "CVE-2025-29924",
      datePublished: "2025-03-19T17:31:09.666Z",
      dateReserved: "2025-03-12T13:42:22.136Z",
      dateUpdated: "2025-03-19T19:42:06.757Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
   "vulnerability-lookup:meta": {
      nvd: "{\"cve\":{\"id\":\"CVE-2025-29924\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2025-03-19T18:15:25.147\",\"lastModified\":\"2025-03-19T20:15:19.873\",\"vulnStatus\":\"Received\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, it's possible for an user to get access to private information through the REST API - but could also be through another API - when a sub wiki is using \\\"Prevent unregistered users to view pages\\\". The vulnerability only affects subwikis, and it only concerns specific right options such as \\\"Prevent unregistered users to view pages\\\". or \\\"Prevent unregistered users to edit pages\\\". It's possible to detect the vulnerability by enabling \\\"Prevent unregistered users to view pages\\\" and then trying to access a page through the REST API without using any credentials. The vulnerability has been patched in XWiki 15.10.14, 16.4.6 and 16.10.0RC1.\"}],\"metrics\":{\"cvssMetricV40\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"4.0\",\"vectorString\":\"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X\",\"baseScore\":8.7,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"attackRequirements\":\"NONE\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"vulnConfidentialityImpact\":\"HIGH\",\"vulnIntegrityImpact\":\"NONE\",\"vulnAvailabilityImpact\":\"NONE\",\"subConfidentialityImpact\":\"NONE\",\"subIntegrityImpact\":\"NONE\",\"subAvailabilityImpact\":\"NONE\",\"exploitMaturity\":\"NOT_DEFINED\",\"confidentialityRequirement\":\"NOT_DEFINED\",\"integrityRequirement\":\"NOT_DEFINED\",\"availabilityRequirement\":\"NOT_DEFINED\",\"modifiedAttackVector\":\"NOT_DEFINED\",\"modifiedAttackComplexity\":\"NOT_DEFINED\",\"modifiedAttackRequirements\":\"NOT_DEFINED\",\"modifiedPrivilegesRequired\":\"NOT_DEFINED\",\"modifiedUserInteraction\":\"NOT_DEFINED\",\"modifiedVulnConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedVulnIntegrityImpact\":\"NOT_DEFINED\",\"modifiedVulnAvailabilityImpact\":\"NOT_DEFINED\",\"modifiedSubConfidentialityImpact\":\"NOT_DEFINED\",\"modifiedSubIntegrityImpact\":\"NOT_DEFINED\",\"modifiedSubAvailabilityImpact\":\"NOT_DEFINED\",\"Safety\":\"NOT_DEFINED\",\"Automatable\":\"NOT_DEFINED\",\"Recovery\":\"NOT_DEFINED\",\"valueDensity\":\"NOT_DEFINED\",\"vulnerabilityResponseEffort\":\"NOT_DEFINED\",\"providerUrgency\":\"NOT_DEFINED\"}}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-269\"}]}],\"references\":[{\"url\":\"https://github.com/xwiki/xwiki-platform/commit/5f98bde87288326cf5787604e2bb87836875ed0e\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gq32-758c-3wm3\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://jira.xwiki.org/browse/XWIKI-22640\",\"source\":\"security-advisories@github.com\"},{\"url\":\"https://jira.xwiki.org/browse/XWIKI-22640\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\"}]}}",
      vulnrichment: {
         containers: "{\"cna\": {\"title\": \"XWiki uses the wrong wiki reference in AuthorizationManager\", \"problemTypes\": [{\"descriptions\": [{\"cweId\": \"CWE-269\", \"lang\": \"en\", \"description\": \"CWE-269: Improper Privilege Management\", \"type\": \"CWE\"}]}], \"metrics\": [{\"cvssV4_0\": {\"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"attackRequirements\": \"NONE\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"vulnConfidentialityImpact\": \"HIGH\", \"vulnIntegrityImpact\": \"NONE\", \"vulnAvailabilityImpact\": \"NONE\", \"subConfidentialityImpact\": \"NONE\", \"subIntegrityImpact\": \"NONE\", \"subAvailabilityImpact\": \"NONE\", \"baseScore\": 8.7, \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N\", \"version\": \"4.0\"}}], \"references\": [{\"name\": \"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gq32-758c-3wm3\", \"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gq32-758c-3wm3\"}, {\"name\": \"https://github.com/xwiki/xwiki-platform/commit/5f98bde87288326cf5787604e2bb87836875ed0e\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://github.com/xwiki/xwiki-platform/commit/5f98bde87288326cf5787604e2bb87836875ed0e\"}, {\"name\": \"https://jira.xwiki.org/browse/XWIKI-22640\", \"tags\": [\"x_refsource_MISC\"], \"url\": \"https://jira.xwiki.org/browse/XWIKI-22640\"}], \"affected\": [{\"vendor\": \"xwiki\", \"product\": \"xwiki-platform\", \"versions\": [{\"version\": \">= 6.1-rc-1, < 15.10.14\", \"status\": \"affected\"}, {\"version\": \">= 16.0.0-rc-1, < 16.4.6\", \"status\": \"affected\"}, {\"version\": \">= 16.5.0-rc-1, < 16.10.0-rc-1\", \"status\": \"affected\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2025-03-19T17:32:49.726Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, it's possible for an user to get access to private information through the REST API - but could also be through another API - when a sub wiki is using \\\"Prevent unregistered users to view pages\\\". The vulnerability only affects subwikis, and it only concerns specific right options such as \\\"Prevent unregistered users to view pages\\\". or \\\"Prevent unregistered users to edit pages\\\". It's possible to detect the vulnerability by enabling \\\"Prevent unregistered users to view pages\\\" and then trying to access a page through the REST API without using any credentials. The vulnerability has been patched in XWiki 15.10.14, 16.4.6 and 16.10.0RC1.\"}], \"source\": {\"advisory\": \"GHSA-gq32-758c-3wm3\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2025-29924\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-03-19T19:42:02.841754Z\"}}}], \"references\": [{\"url\": \"https://jira.xwiki.org/browse/XWIKI-22640\", \"tags\": [\"exploit\"]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-03-19T19:41:58.848Z\"}}]}",
         cveMetadata: "{\"cveId\": \"CVE-2025-29924\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"state\": \"PUBLISHED\", \"assignerShortName\": \"GitHub_M\", \"dateReserved\": \"2025-03-12T13:42:22.136Z\", \"datePublished\": \"2025-03-19T17:31:09.666Z\", \"dateUpdated\": \"2025-03-19T19:42:06.757Z\"}",
         dataType: "CVE_RECORD",
         dataVersion: "5.1",
      },
   },
}


Log in or create an account to share your comment.

Security Advisory comment format.

This schema specifies the format of a comment related to a security advisory.

UUIDv4 of the comment
UUIDv4 of the Vulnerability-Lookup instance
When the comment was created originally
When the comment was last updated
Title of the comment
Description of the comment
The identifier of the vulnerability (CVE ID, GHSA-ID, PYSEC ID, etc.).



Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.