XWiki - Open Redirect

id: CVE-2023-32068

info:
  name: XWiki - Open Redirect
  author: ritikchaddha
  severity: medium
  description: |
    XWiki Platform is vulnerable to open redirect attacks due to improper validation of the xredirect parameter. This allows an attacker to redirect users to an arbitrary website. The vulnerability is patched in versions 14.10.4 and 15.0.
  impact: |
    An attacker can craft malicious URLs to redirect users to malicious websites.
  remediation: |
    Implement proper input validation and sanitize user-controlled input to prevent open redirect vulnerabilities.
  reference:
    - https://jira.xwiki.org/browse/XWIKI-20096
    - https://nvd.nist.gov/vuln/detail/CVE-2023-32068
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
    cvss-score: 6.1
    cve-id: CVE-2023-32068
    cwe-id: CWE-601
    epss-score: 0.00149
    epss-percentile: 0.50372
    cpe: cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
  metadata:
    max-request: 1
    vendor: xwiki
    product: xwiki
    shodan-query: html:"data-xwiki-reference"
    fofa-query: body="data-xwiki-reference"
  tags: cve,cve2023,xwiki,redirect

http:
  - method: GET
    path:
      - "{{BaseURL}}/bin/login/XWiki/XWikiLogin?xredirect=//oast.me"

    matchers:
      - type: regex
        part: header
        regex:
          - '(?m)^(?:Location\s*?:\s*?)(?:https?://|//)?(?:[a-zA-Z0-9\-_]*\.)?oast\.me(?:\s*?)$'
# digest: 490a00463044022022611f58439e1b8aa2bf5df976f3774aa14e202e26280efda8267481141f80de022050cc9f2a7c4906ef5bc096ec3ca0ccad1892f139eae285db8a964bd5a5b11f7d:922c64590222798bb761d5b6d8e72950