gsd-2022-23620
Vulnerability from gsd
Modified
2023-12-13 01:19
Details
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document references when serializing it on filesystem, it is possible to for the HTML export process to contain reference elements containing filesystem syntax like "../", "./". or "/" in general. The referenced elements are not properly escaped. This issue has been resolved in version 13.6-rc-1. This issue can be worked around by limiting or disabling document export.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2022-23620",
"description": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document references when serializing it on filesystem, it is possible to for the HTML export process to contain reference elements containing filesystem syntax like \"../\", \"./\". or \"/\" in general. The referenced elements are not properly escaped. This issue has been resolved in version 13.6-rc-1. This issue can be worked around by limiting or disabling document export.",
"id": "GSD-2022-23620"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2022-23620"
],
"details": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document references when serializing it on filesystem, it is possible to for the HTML export process to contain reference elements containing filesystem syntax like \"../\", \"./\". or \"/\" in general. The referenced elements are not properly escaped. This issue has been resolved in version 13.6-rc-1. This issue can be worked around by limiting or disabling document export.",
"id": "GSD-2022-23620",
"modified": "2023-12-13T01:19:35.258041Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-23620",
"STATE": "PUBLIC",
"TITLE": "Path traversal in xwiki-platform-skin-skinx"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "xwiki-platform",
"version": {
"version_data": [
{
"version_value": "\u003e= 6.2-rc-1, \u003c 13.6"
}
]
}
}
]
},
"vendor_name": "xwiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document references when serializing it on filesystem, it is possible to for the HTML export process to contain reference elements containing filesystem syntax like \"../\", \"./\". or \"/\" in general. The referenced elements are not properly escaped. This issue has been resolved in version 13.6-rc-1. This issue can be worked around by limiting or disabling document export."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.8,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "HIGH",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7ph6-5cmq-xgjq",
"refsource": "CONFIRM",
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7ph6-5cmq-xgjq"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/ab778254fb8f71c774e1c1239368c44fe3b6bba5",
"refsource": "MISC",
"url": "https://github.com/xwiki/xwiki-platform/commit/ab778254fb8f71c774e1c1239368c44fe3b6bba5"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-18819",
"refsource": "MISC",
"url": "https://jira.xwiki.org/browse/XWIKI-18819"
}
]
},
"source": {
"advisory": "GHSA-7ph6-5cmq-xgjq",
"discovery": "UNKNOWN"
}
},
"gitlab.com": {
"advisories": [
{
"affected_range": "[6.2,13.6)",
"affected_versions": "All versions starting from 6.2 before 13.6",
"cwe_ids": [
"CWE-1035",
"CWE-22",
"CWE-937"
],
"date": "2022-02-10",
"description": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. it is possible to for the HTML export process to contain reference elements containing filesystem syntax like \"../\", \"./\". or \"/\" in general. The referenced elements are not properly escaped. This issue has been resolved . This issue can be worked around by limiting or disabling document export.",
"fixed_versions": [
"13.6"
],
"identifier": "CVE-2022-23620",
"identifiers": [
"GHSA-7ph6-5cmq-xgjq",
"CVE-2022-23620"
],
"not_impacted": "All versions before 6.2, all versions starting from 13.6",
"package_slug": "maven/org.xwiki.platform/xwiki-platform-skin-skinx",
"pubdate": "2022-02-09",
"solution": "Upgrade to version 13.6 or above.",
"title": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"urls": [
"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7ph6-5cmq-xgjq",
"https://github.com/xwiki/xwiki-platform/commit/ab778254fb8f71c774e1c1239368c44fe3b6bba5",
"https://jira.xwiki.org/browse/XWIKI-18819",
"https://github.com/advisories/GHSA-7ph6-5cmq-xgjq"
],
"uuid": "bc064194-b106-4347-9cd1-2bb2476ea8f9"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndIncluding": "13.6",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security-advisories@github.com",
"ID": "CVE-2022-23620"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document references when serializing it on filesystem, it is possible to for the HTML export process to contain reference elements containing filesystem syntax like \"../\", \"./\". or \"/\" in general. The referenced elements are not properly escaped. This issue has been resolved in version 13.6-rc-1. This issue can be worked around by limiting or disabling document export."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-116"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7ph6-5cmq-xgjq",
"refsource": "CONFIRM",
"tags": [
"Third Party Advisory"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7ph6-5cmq-xgjq"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-18819",
"refsource": "MISC",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://jira.xwiki.org/browse/XWIKI-18819"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/ab778254fb8f71c774e1c1239368c44fe3b6bba5",
"refsource": "MISC",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/ab778254fb8f71c774e1c1239368c44fe3b6bba5"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.5
}
},
"lastModifiedDate": "2023-06-27T02:43Z",
"publishedDate": "2022-02-09T22:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.