CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS
Percentile
78.7%
An unprivileged user can achieve remote code execution by injecting a Groovy script into their own user profile and then invoking the Reset password feature: in the affected versions of XWiki, that feature saves the user profile with programming rights, which lets the injected script execute.
The problem has been patched in XWiki 13.1RC1 with a complete refactoring of the Reset password feature.
Several workarounds are possible, all of which consist of modifying the XWiki/ResetPassword page.
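The two checks a practitioner would want after reading the above are whether an installation predates the 13.1RC1 fix and whether any user profile already carries a server-side script macro (the `{{groovy}}` injection the advisory describes). The following is an added example written for this page, not code from XWiki or the advisory. It assumes XWiki 2.x macro syntax (`{{groovy}}...{{/groovy}}`), treats every document in the XWiki space as a profile page (a simplification; a real audit would check for an XWiki.XWikiUsers object and skip system pages such as XWiki.ResetPassword), and uses constructed sample page content and version strings rather than data from a real wiki:

```python
import re
from typing import Dict, List, Tuple

# Server-side script macros in XWiki 2.x syntax. {{groovy}} is the one the
# advisory names; the others are listed so an audit also surfaces any other
# script macro a user has placed in a profile (assumption: they are worth
# reviewing, not a claim that each one is reachable through this bug).
SCRIPT_MACROS = ("groovy", "python", "velocity", "ruby", "php", "script")
MACRO_RE = re.compile(r"\{\{(" + "|".join(SCRIPT_MACROS) + r")\b", re.IGNORECASE)


def find_script_macros(content: str) -> List[str]:
    """Return the names of script macros found in a page's wiki content."""
    return [m.group(1).lower() for m in MACRO_RE.finditer(content)]


def scan_user_profiles(pages: Dict[str, str]) -> List[dict]:
    """Flag profile documents whose content contains a script macro.

    `pages` maps a document reference to its wiki content. Profile pages are
    taken to be every document in the XWiki space (assumption; a real audit
    would check each document for an XWiki.XWikiUsers object and skip system
    pages such as XWiki.ResetPassword, which legitimately carry Velocity).
    """
    hits = []
    for ref, content in pages.items():
        if not ref.startswith("XWiki."):
            continue
        macros = find_script_macros(content)
        if macros:
            hits.append({"document": ref, "macros": macros})
    return hits


# Version strings as written in the advisory (13.1RC1) or as Maven artifact
# versions (13.1-rc-1, 13.2-SNAPSHOT). Hyphens are dropped before matching so
# both spellings parse the same way.
VERSION_RE = re.compile(r"^(\d+)(?:\.(\d+))?(?:\.(\d+))?(SNAPSHOT|M\d+|RC\d+)?$")
QUALIFIER_RANK = {"SNAPSHOT": 0, "M": 1, "RC": 2, "": 3}  # final release sorts last


def parse_version(version: str) -> Tuple[int, int, int, int, int]:
    """Turn '13.1RC1' into a comparable tuple (13, 1, 0, rank, 1)."""
    m = VERSION_RE.match(version.strip().upper().replace("-", ""))
    if not m:
        raise ValueError(f"unrecognised XWiki version: {version!r}")
    major, minor, patch, qualifier = m.groups()
    qualifier = qualifier or ""
    kind = re.sub(r"\d+", "", qualifier)
    num = int(re.sub(r"\D+", "", qualifier) or 0)
    return (int(major), int(minor or 0), int(patch or 0), QUALIFIER_RANK[kind], num)


FIXED_IN = parse_version("13.1RC1")  # fix version stated in the advisory


def is_affected(version: str) -> bool:
    """True when the installed version predates the fix in 13.1RC1.

    The page gives no lower bound for affected versions, so every earlier
    version is reported as affected.
    """
    return parse_version(version) < FIXED_IN


# Constructed sample data, not taken from a real wiki.
SAMPLE_PAGES = {
    "XWiki.alice": "= Alice =\n\nI maintain the build pages.",
    "XWiki.mallory": "About me:\n{{groovy}}\nprintln('hello')\n{{/groovy}}",
    "Main.WebHome": "{{velocity}}$services.date{{/velocity}}",  # not a profile
}

if __name__ == "__main__":
    for hit in scan_user_profiles(SAMPLE_PAGES):
        print(f"{hit['document']}: script macros {hit['macros']}")
    for v in ("12.10.3", "13.0", "13.1RC1", "13.1-rc-1", "13.1"):
        print(f"{v}: {'affected' if is_affected(v) else 'fixed'}")
```

On a real instance the page contents would come from a XAR export or the REST API rather than the inline dictionary; the macro regex is deliberately loose so that a profile edited in wiki syntax with macro parameters (`{{groovy wiki="true"}}`) is still flagged.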
https://jira.xwiki.org/browse/XWIKI-16661
If you have any questions or comments about this advisory:
Vendor | Product | Version | CPE |
---|---|---|---|
org.xwiki.platform | xwiki-platform-administration-ui | * | cpe:2.3:a:org.xwiki.platform:xwiki-platform-administration-ui:*:*:*:*:*:*:*:* |
github.com/advisories/GHSA-mgjw-2wrp-r535
github.com/xwiki/xwiki-platform/commit/407caeba05c181bd4835e1dd12e431fa15ff728b#diff-c51a3675b6e312a9385a27566bfb4e5cL340
github.com/xwiki/xwiki-platform/security/advisories/GHSA-mgjw-2wrp-r535
jira.xwiki.org/browse/XWIKI-16661
nvd.nist.gov/vuln/detail/CVE-2022-23616