CVE-2023-29513 Users can be created even when registration is disabled without validation via the template macro in xwiki-platform

🗓️ 18 Apr 2023 23:46:10Reported by GoogleType

osv

osv🔗 osv.dev👁 10 Views

XWiki Platform vulnerability in user creation

Reporter	Title	Published	Views	Family All 13
BDU FSTEC	The vulnerability of the XWiki platform for creating collaborative web applications lies in its lack of access control mechanisms. This allows attackers to create new users.	14 Feb 202400:00	–	bdu_fstec
CNNVD	XWiki Platform 访问控制错误漏洞	18 Apr 202300:00	–	cnnvd
CVE	CVE-2023-29513	18 Apr 202323:46	–	cve
Cvelist	CVE-2023-29513 Users can be created even when registration is disabled without validation via the template macro in xwiki-platform	18 Apr 202323:46	–	cvelist
EUVD	EUVD-2023-1293	3 Oct 202520:07	–	euvd
Github Security Blog	xwiki-platform-web-templates allows users to be created even when registration is disabled without validation via template macro	20 Apr 202321:39	–	github
NCSC	Vulnerabilities fixed in Xwiki	20 Apr 202300:00	–	ncsc
NVD	CVE-2023-29513	19 Apr 202300:15	–	nvd
OpenVAS	XWiki 8.0-rc-1 < 14.10.1 Improper Access Control Vulnerability (GHSA-fp36-mjw5-fmgx)	18 Aug 202300:00	–	openvas
OSV	GHSA-FP36-MJW5-FMGX xwiki-platform-web-templates allows users to be created even when registration is disabled without validation via template macro	20 Apr 202321:39	–	osv

Source	Link
jira	www.jira.xwiki.org/browse/XWIKI-19852
jira	www.jira.xwiki.org/browse/XWIKI-20400
github	www.github.com/CVEProject/cvelistV5/tree/main/cves/2023/29xxx/CVE-2023-29513.json
github	www.github.com/xwiki/xwiki-platform/security/advisories/GHSA-fp36-mjw5-fmgx
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-29513

10 Apr 2026 04:57Current

4.8Medium risk

Vulners AI Score4.8

CVSS 3.15

EPSS0.01625

xwiki platform vulnerability user creation patch upgrade software