Lucene search

K

GoogleOSV:GHSA-RFH6-MG6H-H668

HistoryApr 12, 2023 - 8:36 p.m.

xwiki-platform-administration-ui vulnerable to privilege escalation

2023-04-1220:36:56

Google

osv.dev

5

xwiki

privilege escalation

vulnerability

patched

security advisory

jira

email

patch

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

0.002 Low

EPSS

Percentile

54.0%

Impact

Any user with edit rights on a page (e.g., it’s own user page), can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of the section ids in XWiki.AdminFieldsDisplaySheet. This page is installed by default.

Reproduction steps are described in https://jira.xwiki.org/browse/XWIKI-20261

Patches

The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11.

Workarounds

The issue can be fixed by applying this patch on XWiki.AdminFieldsDisplaySheet.

For more information

If you have any questions or comments about this advisory:

Open an issue in Jira XWiki.org
Email us at Security Mailing List

References

github.com/xwiki/xwiki-platform

github.com/xwiki/xwiki-platform/commit/f1e310826a19acdcdecdecdcfe171d21f24d6ede

github.com/xwiki/xwiki-platform/security/advisories/GHSA-rfh6-mg6h-h668

jira.xwiki.org/browse/XWIKI-20261

nvd.nist.gov/vuln/detail/CVE-2023-29511

9.9 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:L

0.002 Low

EPSS

Percentile

54.0%

Related for OSV:GHSA-RFH6-MG6H-H668

prion1 osv1 nvd1 cve1 openvas1 cvelist1 github1