CVE-2023-40573 XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution

🗓️ 24 Aug 2023 01:31:14Reported by GitHub_MType

XWiki Platform's Groovy jobs vulnerability fixed in versions 14.10.9 and 15.4RC

Reporter	Title	Published	Views	Family All 14
BDU FSTEC	The vulnerability of the XWiki Platform, a platform for creating collaborative web applications, is related to deficiencies in access control. Exploiting this vulnerability could allow a hacker to execute arbitrary code.	7 Sep 202300:00	–	bdu_fstec
Circl	CVE-2023-40573	24 Aug 202307:12	–	circl
CNNVD	XWiki Platform 访问控制错误漏洞	24 Aug 202300:00	–	cnnvd
CVE	CVE-2023-40573	24 Aug 202301:31	–	cve
EUVD	EUVD-2023-2250	3 Oct 202520:07	–	euvd
Github Security Blog	XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution	23 Aug 202320:41	–	github
NVD	CVE-2023-40573	24 Aug 202302:15	–	nvd
OpenVAS	XWiki < 14.10.9, 15.0-rc-1 < 15.4 Improper Access Control Vulnerability (GHSA-8xhr-x3v8-rghj)	25 Aug 202300:00	–	openvas
OSV	CVE-2023-40573 XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution	24 Aug 202301:31	–	osv
OSV	GHSA-8XHR-X3V8-RGHJ XWiki Platform's Groovy jobs check the wrong author, allowing remote code execution	23 Aug 202320:41	–	osv

[
  {
    "vendor": "xwiki",
    "product": "xwiki-platform",
    "versions": [
      {
        "version": "< 14.10.9",
        "status": "affected"
      },
      {
        "version": ">= 1.3",
        "status": "affected"
      },
      {
        "version": ">= 15.0-rc-1, < 15.4-rc-1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/xwiki/xwiki-platform/commit/fcdcfed3fe2e8a3cad66ae0610795a2d58ab9662
jira	www.jira.xwiki.org/browse/XWIKI-20852
github	www.github.com/xwiki/xwiki-platform/security/advisories/GHSA-8xhr-x3v8-rghj

24 Aug 2023 01:31Current

9.6High risk

Vulners AI Score9.6

CVSS 3.19

EPSS0.03635

CWE-284