Pipeline: Groovy Security Vulnerabilities

[prion] Code injection
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper...
CVSS 9.9 | AI Score 9.6 | EPSS 0.001 | 2023-03-07 07:15 PM | 3

[cvelist] CVE-2023-27479 Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-panels-ui
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper...
CVSS 9.9 | AI Score 9.8 | EPSS 0.001 | 2023-03-07 06:09 PM

[ibm] Security Bulletin: IBM Spectrum Control is vulnerable to multiple weaknesses related to Apache Groovy
Summary: Vulnerabilities in Apache Groovy, such as a remote attacker executing arbitrary code on the system or a local authenticated attacker obtaining sensitive information, may affect IBM Spectrum Control. These vulnerabilities have been addressed. Vulnerability Details: CVEID:...
CVSS 5.5 | AI Score 9 | EPSS 0.037 | 2023-03-07 04:51 AM | 30

[redhat] (RHSA-2023:1064) Critical: OpenShift Developer Tools and Services for OCP 4.12 security update
Jenkins is a continuous integration server that monitors executions of repeated jobs, such as building a software project or jobs run by cron. Security Fix(es): jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin (CVE-2022-43401) ...
AI Score 1.3 | EPSS 0.01 | 2023-03-06 08:55 AM | 37

[openvas]
CVSS 10 | AI Score 9.8 | EPSS 0.003 | 2023-03-06 12:00 AM | 3

[osv] org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability
Impact: It's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the newThemeName request parameter (URL parameter), in combination with additional parameters form_token=1&action=create. For instance:...
CVSS 10 | AI Score 0.6 | EPSS 0.003 | 2023-03-03 10:51 PM | 7

[github] org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability
Impact: It's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the newThemeName request parameter (URL parameter), in combination with additional parameters form_token=1&action=create. For instance:...
CVSS 10 | AI Score 9.2 | EPSS 0.003 | 2023-03-03 10:51 PM | 9

[github] XWiki Platform users may execute anything with superadmin right through comments and async macro
Impact: Comments are supposed to be executed with the rights of superadmin but in restricted mode (anything dangerous is disabled), but the async macro does not take the restricted mode into account. This means that any user with comment right can use the async macro to make it execute any wiki...
CVSS 9.9 | AI Score 8.6 | EPSS 0.001 | 2023-03-03 10:49 PM | 12

[osv] XWiki Platform users may execute anything with superadmin right through comments and async macro
Impact: Comments are supposed to be executed with the rights of superadmin but in restricted mode (anything dangerous is disabled), but the async macro does not take the restricted mode into account. This means that any user with comment right can use the async macro to make it execute any wiki...
CVSS 9.9 | AI Score 7.1 | EPSS 0.001 | 2023-03-03 10:49 PM | 3

[osv] XWiki Platform may allow privilege escalation to programming rights via user's first name
Impact: Any user can edit his own profile and inject code which is going to be executed with programming right. Steps to reproduce: Set your first name to {{cache id="userProfile"}}{{groovy}}println("Hello from groovy!"){{/groovy}}{{/cache}} The first name appears as interpreted "Hello from...
CVSS 9.9 | AI Score -0.3 | EPSS 0.001 | 2023-03-03 10:49 PM | 9

[github] XWiki Platform may allow privilege escalation to programming rights via user's first name
Impact: Any user can edit his own profile and inject code which is going to be executed with programming right. Steps to reproduce: Set your first name to {{cache id="userProfile"}}{{groovy}}println("Hello from groovy!"){{/groovy}}{{/cache}} The first name appears as interpreted "Hello from...
CVSS 9.9 | AI Score 9 | EPSS 0.001 | 2023-03-03 10:49 PM | 9

[osv] XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile
Impact: One can execute any wiki content with the rights of the IconThemeSheet author by creating an icon theme with the following content: }}} {{async async="true"}} {{groovy}} println("Hello from Groovy!") {{/groovy}} {{/async}} {{{ Can be done by creating a new page or even through the user profile...
CVSS 9.9 | AI Score 0.1 | EPSS 0.001 | 2023-03-03 10:48 PM | 8

[github] XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile
Impact: One can execute any wiki content with the rights of the IconThemeSheet author by creating an icon theme with the following content: }}} {{async async="true"}} {{groovy}} println("Hello from Groovy!") {{/groovy}} {{/async}} {{{ Can be done by creating a new page or even through the user profile...
CVSS 9.9 | AI Score 8.5 | EPSS 0.001 | 2023-03-03 10:48 PM | 12

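The XWiki entries in this listing that quote payloads (the user-profile first name, the IconThemeSheet icon theme, and further down the annotation) all rely on user-controlled text being rendered as wiki syntax containing script macros, and the icon-theme one additionally shows a verbatim-group breakout ("}}} ... {{{") that escapes a wrapper the template put around the value. The following Python is an added example for this listing, not code from XWiki or from any advisory here: a heuristic scanner an incident responder could run over exported profile fields, comments, annotations or request parameters such as newThemeName. The macro sets and the field names in SAMPLES are assumptions made for the example; the payload strings are the ones quoted in the summaries. Whether a flagged macro actually executes depends on the rendering context and the author's rights, so hits are triage leads, and the fix remains upgrading to the patched XWiki versions.

```python
"""Heuristic scan of user-controlled XWiki content for script-macro injection.

Added example for this listing; not code from XWiki or from any advisory above.
It flags (1) script macros that sit outside a verbatim group, (2) wrapper macros
the advisories above describe as escaping restricted rendering, and (3) a stray
'}}}' that closes a verbatim group the value never opened (the breakout pattern
in the IconThemeSheet entry). It is a triage aid, not a fix: whether a macro
really runs depends on the rendering context and the author's rights.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# ASSUMPTION: macro names chosen for this example; extend to what your wiki enables.
SCRIPT_MACROS = {"groovy", "python", "velocity"}
WRAPPER_MACROS = {"async", "cache"}

# Tokens of interest in XWiki 2.x syntax: verbatim open/close and macro tags.
TOKEN = re.compile(r"\{\{\{|\}\}\}|\{\{/?[A-Za-z][A-Za-z0-9_]*\b[^{}]*?\}\}")
MACRO_NAME = re.compile(r"\{\{(/?)([A-Za-z][A-Za-z0-9_]*)")


@dataclass(frozen=True)
class Finding:
    kind: str    # "script_macro" | "wrapper_macro" | "verbatim_breakout"
    name: str    # macro name, or "}}}" for a breakout
    offset: int  # character offset in the scanned value


def scan_wiki_value(value: str) -> list[Finding]:
    """Return findings for one user-controlled string (profile field, comment,
    annotation, request parameter such as newThemeName)."""
    findings: list[Finding] = []
    depth = 0  # current verbatim nesting; content inside is rendered literally
    for m in TOKEN.finditer(value):
        tok = m.group(0)
        if tok == "{{{":
            depth += 1
        elif tok == "}}}":
            if depth == 0:
                # Closing a group the value never opened: it is trying to escape
                # a verbatim wrapper that the surrounding template put around it.
                findings.append(Finding("verbatim_breakout", "}}}", m.start()))
            else:
                depth -= 1
        else:
            closing, name = MACRO_NAME.match(tok).groups()
            if closing or depth > 0:
                continue  # closing tags carry no payload; verbatim content is inert
            name = name.lower()
            if name in SCRIPT_MACROS:
                findings.append(Finding("script_macro", name, m.start()))
            elif name in WRAPPER_MACROS:
                findings.append(Finding("wrapper_macro", name, m.start()))
    return findings


def triage(fields: dict[str, str]) -> dict[str, list[str]]:
    """Map each field name to the kinds of findings in it; clean fields are omitted."""
    report: dict[str, list[str]] = {}
    for field_name, value in fields.items():
        kinds = [f.kind for f in scan_wiki_value(value)]
        if kinds:
            report[field_name] = kinds
    return report


# Constructed samples. The payload strings are the ones quoted in the advisory
# summaries in this listing; the field names are assumptions for this example.
SAMPLES = {
    "first_name": '{{cache id="userProfile"}}{{groovy}}println("Hello from groovy!"){{/groovy}}{{/cache}}',
    "icon_theme": '}}} {{async async="true"}} {{groovy}} println("Hello from Groovy!") {{/groovy}} {{/async}} {{{',
    "annotation": '{{groovy}}print "hello"{{/groovy}}',
    "benign_verbatim": "use {{{ {{groovy}} }}} to show the macro literally",
    "benign_text": "Alice {{velocity-looking but not a macro",
}

if __name__ == "__main__":
    for field_name, kinds in triage(SAMPLES).items():
        print(f"{field_name}: {', '.join(kinds)}")
```

The verbatim tracking is what keeps the check from firing on documentation that legitimately shows a macro inside {{{ }}}, and the breakout finding is the one worth alerting on by itself: a user-supplied value has no business closing a verbatim group it did not open.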
[github] XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author
Impact: It's possible to use the rights of an existing document's content author to execute a text area property. To reproduce: As an admin with programming rights, create a new user without script or programming right. Log in with the freshly created user. Insert the following text in source mode in...
CVSS 9.9 | AI Score 8.6 | EPSS 0.001 | 2023-03-03 10:48 PM | 6

[osv] XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author
Impact: It's possible to use the rights of an existing document's content author to execute a text area property. To reproduce: As an admin with programming rights, create a new user without script or programming right. Log in with the freshly created user. Insert the following text in source mode in...
CVSS 9.9 | EPSS 0.001 | 2023-03-03 10:48 PM | 15

[nessus] Jenkins plugins Multiple Vulnerabilities (2022-10-19)
According to their self-reported version numbers, the Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: A sandbox bypass vulnerability involving various casts performed implicitly by the Groovy language runtime in Jenkins Script Security...
AI Score 8.2 | EPSS 0.002 | 2023-03-03 12:00 AM | 20

[cve] CVE-2023-26477
XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the newThemeName request parameter (URL parameter), in combination with additional parameters. This has been...
CVSS 10 | AI Score 9.3 | EPSS 0.003 | 2023-03-02 06:15 PM | 21

[nvd] CVE-2023-26477
XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the newThemeName request parameter (URL parameter), in combination with additional parameters. This has been...
CVSS 9.8 | AI Score 9.4 | EPSS 0.003 | 2023-03-02 06:15 PM | 1

[osv] CVE-2023-26477
XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the newThemeName request parameter (URL parameter), in combination with additional parameters. This has been...
CVSS 10 | AI Score 9.6 | EPSS 0.003 | 2023-03-02 06:15 PM | 3

[prion] Design/Logic Flaw
XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the newThemeName request parameter (URL parameter), in combination with additional parameters. This has been...
CVSS 9.8 | AI Score 9.4 | EPSS 0.003 | 2023-03-02 06:15 PM | 4

[cvelist] CVE-2023-26477 org.xwiki.platform:xwiki-platform-flamingo-theme-ui Eval Injection vulnerability
XWiki Platform is a generic wiki platform. Starting in versions 6.3-rc-1 and 6.2.4, it's possible to inject arbitrary wiki syntax including Groovy, Python and Velocity script macros via the newThemeName request parameter (URL parameter), in combination with additional parameters. This has been...
CVSS 10 | AI Score 9.6 | EPSS 0.003 | 2023-03-02 05:52 PM | 1

[osv] xwiki-platform vulnerable to Remote Code Execution in Annotations
Impact: The annotation displayer does not execute the content in a restricted context. This allows executing anything with the rights of the author of any document by annotating the document. To reproduce: add an annotation with the content {{groovy}}print "hello"{{/groovy}} and click the yellow...
CVSS 9.9 | AI Score 0.3 | EPSS 0.001 | 2023-03-02 03:16 PM | 4

[github] xwiki-platform vulnerable to Remote Code Execution in Annotations
Impact: The annotation displayer does not execute the content in a restricted context. This allows executing anything with the rights of the author of any document by annotating the document. To reproduce: add an annotation with the content {{groovy}}print "hello"{{/groovy}} and click the yellow...
CVSS 9.9 | AI Score 8.4 | EPSS 0.001 | 2023-03-02 03:16 PM | 12

[nessus] Jenkins plugins Multiple Vulnerabilities (2023-01-24)
According to their self-reported version numbers, the Jenkins plugins running on the remote web server are affected by multiple vulnerabilities: High: Script Security Plugin provides a sandbox feature that allows low privileged users to define scripts, including Pipelines, that are...
AI Score 8.8 | EPSS 0.002 | 2023-02-27 12:00 AM | 67

[redhat] (RHSA-2023:0777) Critical: OpenShift Container Platform 4.9.56 security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.9.56. See the following advisory for the container...
EPSS 0.022 | 2023-02-22 11:54 PM | 103

[atlassian] When the Groovy Console permission level is "Only Jira System Admins", users with the Jira Administrator role are not able to add a post function except via the "Run a Groovy script with this transition" link
Issue Summary: When the permission level is "Only Jira System Admin" and the logged-in user has the Jira Administrator role, the user is not able to add a post function via links except the "Run a Groovy script with this transition" link. Steps to Reproduce: Log in via a user who has Jira system admin...
AI Score 1 | 2023-02-09 12:29 PM | 8

[redhat] (RHSA-2023:0560) Critical: OpenShift Container Platform 4.10.51 security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. Security Fix(es): jenkins-plugin/script-security: Sandbox bypass vulnerabilities in Jenkins Script Security Plugin (CVE-2022-43401)...
AI Score -0.1 | EPSS 0.012 | 2023-02-08 06:32 PM | 40

[openvas] Ubuntu: Security Advisory (USN-4795-1)
The remote host is missing an update for...
CVSS 9.8 | AI Score 9.6 | EPSS 0.037 | 2023-01-27 12:00 AM | 2

[ibm] Security Bulletin: Multiple vulnerabilities found on third-party libraries used by IBM® MobileFirst Platform
Summary: There are multiple vulnerabilities in open source libraries used by IBM MobileFirst Platform Foundation. They are addressed in this update. Vulnerability Details: CVEID: CVE-2020-17521 DESCRIPTION: Apache Groovy could allow a local authenticated attacker to obtain sensitive...
CVSS 9.8 | AI Score 10.9 | EPSS 0.765 | 2023-01-26 05:01 PM | 18

[redhatcve] CVE-2023-24422
A flaw was found in the script-security Jenkins Plugin. In affected versions of the script-security plugin, property assignments performed implicitly by the Groovy language runtime when invoking map constructors were not intercepted by the sandbox. This vulnerability allows attackers with...
CVSS 8.8 | AI Score 9.1 | EPSS 0.0004 | 2023-01-25 04:05 AM | 30

[redhat] (RHSA-2023:0017) Important: OpenShift Container Platform 4.8.56 packages and security update
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.8.56. See the following advisory for the container...
AI Score -0.2 | EPSS 0.012 | 2023-01-12 04:42 PM | 19

[osv] XWiki CKEditor.HTMLConverter vulnerable to Remote Code Execution via Cross-Site Request Forgery
Impact: The CKEditor.HTMLConverter document lacked protection against Cross-Site Request Forgery (CSRF), allowing macros to be executed with the rights of the current user. If a privileged user with programming rights was tricked into executing a GET request to this document with certain parameters...
CVSS 9 | AI Score 4.7 | EPSS 0.008 | 2023-01-06 05:15 PM | 11

[github] XWiki CKEditor.HTMLConverter vulnerable to Remote Code Execution via Cross-Site Request Forgery
Impact: The CKEditor.HTMLConverter document lacked protection against Cross-Site Request Forgery (CSRF), allowing macros to be executed with the rights of the current user. If a privileged user with programming rights was tricked into executing a GET request to this document with certain parameters...
CVSS 9 | AI Score 9.1 | EPSS 0.008 | 2023-01-06 05:15 PM | 16

[cnvd] XWiki Platform code injection vulnerability
XWiki Platform is a wiki platform for creating web collaboration applications from the French company XWiki. XWiki Platform is vulnerable to code injection. The vulnerability stems from the macro content and menu macro parameters not being properly escaped; an attacker can use the vulnerability to...
CVSS 8.8 | AI Score 3.5 | EPSS 0.004 | 2022-11-25 12:00 AM | 18

[openvas] XWiki 6.4-milestone-2 < 13.10.7, 14.x < 14.4.2 Eval Injection Vulnerability (GHSA-5j7g-cf6r-g2h7)
XWiki is prone to an improper neutralization of directives in dynamically evaluated code (eval injection)...
CVSS 9.9 | AI Score 8.9 | EPSS 0.002 | 2022-11-24 12:00 AM | 4

[openvas] XWiki < 13.10.8, 14.x < 14.4.3, 14.5.x < 14.6-rc-1 Eval Injection Vulnerability (GHSA-6w8h-26xx-cf8q)
XWiki is prone to an improper neutralization of directives in dynamically evaluated code (eval injection)...
CVSS 9.9 | AI Score 8.9 | EPSS 0.004 | 2022-11-24 12:00 AM | 3

[nvd] CVE-2022-41934
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki...
CVSS 8.8 | EPSS 0.004 | 2022-11-23 08:15 PM

[osv] CVE-2022-41931
xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper...
CVSS 9.9 | AI Score 9 | EPSS 0.002 | 2022-11-23 08:15 PM | 2

[cve] CVE-2022-41934
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki...
CVSS 9.9 | AI Score 8.8 | EPSS 0.004 | 2022-11-23 08:15 PM | 36 | 8

[osv] CVE-2022-41934
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki...
CVSS 9.9 | AI Score 8.8 | EPSS 0.004 | 2022-11-23 08:15 PM | 8

[cve] CVE-2022-41931
xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper...
CVSS 9.9 | AI Score 9 | EPSS 0.002 | 2022-11-23 08:15 PM | 29 | 6

[nvd] CVE-2022-41931
xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper...
CVSS 8.8 | EPSS 0.002 | 2022-11-23 08:15 PM

[prion] Design/Logic Flaw
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki...
CVSS 8.8 | AI Score 8.8 | EPSS 0.004 | 2022-11-23 08:15 PM | 3

[prion] Design/Logic Flaw
xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper...
CVSS 8.8 | AI Score 8.9 | EPSS 0.002 | 2022-11-23 08:15 PM | 3

[cvelist] CVE-2022-41931 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in xwiki-platform-icon-ui
xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper...
CVSS 9.9 | AI Score 10 | EPSS 0.002 | 2022-11-23 12:00 AM

[cvelist] CVE-2022-41934 Improper Neutralization of Directives in Dynamically Evaluated Code in org.xwiki.platform:xwiki-platform-menu-ui
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki...
CVSS 9.9 | AI Score 9.8 | EPSS 0.004 | 2022-11-23 12:00 AM

[osv] Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui
Impact: Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation due to improper escaping of the macro content and parameters of the menu macro. The issue can...
CVSS 9.9 | AI Score 8.8 | EPSS 0.004 | 2022-11-21 10:37 PM | 6

[github] Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in org.xwiki.platform:xwiki-platform-menu-ui
Impact: Any user with view rights on commonly accessible documents including the menu macro can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation due to improper escaping of the macro content and parameters of the menu macro. The issue can...
CVSS 9.9 | AI Score 8.8 | EPSS 0.004 | 2022-11-21 10:37 PM | 14

[github] Plaintext storage of password after a reset in org.xwiki.platform:xwiki-platform-security-authentication-default
Impact: We discovered that when the reset-a-forgotten-password feature of XWiki was used, the password was then stored in plain text in the database. This only concerns XWiki 13.1RC1 and later versions. Note that it only concerns the reset password feature available from the "Forgot your password" link...
CVSS 6.5 | AI Score 6.4 | EPSS 0.002 | 2022-11-21 10:37 PM | 20

[osv] Plaintext storage of password after a reset in org.xwiki.platform:xwiki-platform-security-authentication-default
Impact: We discovered that when the reset-a-forgotten-password feature of XWiki was used, the password was then stored in plain text in the database. This only concerns XWiki 13.1RC1 and later versions. Note that it only concerns the reset password feature available from the "Forgot your password" link...
CVSS 7.5 | AI Score -0.8 | EPSS 0.002 | 2022-11-21 10:37 PM | 10

Total number of security vulnerabilities: 1430