Lucene search

GoogleOSV:GHSA-9JQ5-XWQW-Q8J3

HistoryApr 20, 2023 - 10:05 p.m.

XWiki Platform vulnerable to page render failure due to broken translations

2023-04-2022:05:26

Google

osv.dev

xwiki platform

broken translations

vulnerability

patched

versions

software

page render failure

translations

document

security advisory

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

23.5%

JSON

Impact

It’s possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object.

Patches

The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11.

Workarounds

There is no other workaround other than fixing any way to create a document that fail to load.

References

https://jira.xwiki.org/browse/XWIKI-20460

For more information

If you have any questions or comments about this advisory:

Open an issue in Jira XWiki.org
Email us at Security Mailing List

References

github.com/xwiki/xwiki-platform

github.com/xwiki/xwiki-platform/security/advisories/GHSA-9jq5-xwqw-q8j3

jira.xwiki.org/browse/XWIKI-20460

nvd.nist.gov/vuln/detail/CVE-2023-29520

6.5 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

0.001 Low

EPSS

Percentile

23.5%

JSON

Related for OSV:GHSA-9JQ5-XWQW-Q8J3