CVE-2023-29513 Users can be created even when registration is disabled without validation via the template macro in xwiki-platform

🗓️ 18 Apr 2023 23:46:10Reported by GitHub_MType

XWiki Platform vulnerability in user creation without registration validation

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability of the XWiki platform for creating collaborative web applications lies in its lack of access control mechanisms. This allows attackers to create new users.	14 Feb 202400:00	–	bdu_fstec
CNNVD	XWiki Platform 访问控制错误漏洞	18 Apr 202300:00	–	cnnvd
CVE	CVE-2023-29513	18 Apr 202323:46	–	cve
EUVD	EUVD-2023-1293	3 Oct 202520:07	–	euvd
Github Security Blog	xwiki-platform-web-templates allows users to be created even when registration is disabled without validation via template macro	20 Apr 202321:39	–	github
NCSC	Vulnerabilities fixed in Xwiki	20 Apr 202300:00	–	ncsc
NVD	CVE-2023-29513	19 Apr 202300:15	–	nvd
OpenVAS	XWiki 8.0-rc-1 < 14.10.1 Improper Access Control Vulnerability (GHSA-fp36-mjw5-fmgx)	18 Aug 202300:00	–	openvas
OSV	CVE-2023-29513 Users can be created even when registration is disabled without validation via the template macro in xwiki-platform	18 Apr 202323:46	–	osv
OSV	GHSA-FP36-MJW5-FMGX xwiki-platform-web-templates allows users to be created even when registration is disabled without validation via template macro	20 Apr 202321:39	–	osv

[
  {
    "vendor": "xwiki",
    "product": "xwiki-platform",
    "versions": [
      {
        "version": "< 14.10.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
jira	www.jira.xwiki.org/browse/XWIKI-20400
github	www.github.com/xwiki/xwiki-platform/security/advisories/GHSA-fp36-mjw5-fmgx
jira	www.jira.xwiki.org/browse/XWIKI-19852

18 Apr 2023 23:46Current

5.4Medium risk

Vulners AI Score5.4

CVSS 3.15

EPSS0.00672

CWE-284