CVE-2023-26472

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-26472

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-26472.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-26472

Aliases

GHSA-vwr6-qp4q-2wj7

Published

2023-03-02T18:25:06Z

Modified

2025-11-13T15:13:08.032259Z

Severity

9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator

Summary

XWiki Platform vulnerable to privilege escalation via async macro and IconThemeSheet from the user profile

Details

XWiki Platform is a generic wiki platform. Starting in version 6.2-milestone-1, one can execute any wiki content with the right of IconThemeSheet author by creating an icon theme with certain content. This can be done by creating a new page or even through the user profile for users not having edit right. The issue has been patched in XWiki 14.9, 14.4.6, and 13.10.10. An available workaround is to fix the bug in the page IconThemesCode.IconThemeSheet by applying a modification from commit 48caf7491595238af2b531026a614221d5d61f38.

Database specific

{
    "cwe_ids": [
        "CWE-116"
    ]
}

References

Affected packages

Git / github.com/xwiki/xwiki-commons

Affected ranges

Type: GIT
Repo: https://github.com/xwiki/xwiki-commons
Events: Introduced

75947046d8ce1c942b6355740686f6673dc8aff8

Fixed

bc18e50bcf9ea40d1e25ff8d065b3178c8247f16

Git / github.com/xwiki/xwiki-platform

Affected ranges

Type: GIT
Repo: https://github.com/xwiki/xwiki-platform
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

48caf7491595238af2b531026a614221d5d61f38

Affected versions

xwiki-application-calendar-1.*

xwiki-application-calendar-1.0

xwiki-platform-7.*

xwiki-platform-7.3-milestone-2

xwiki-platform-7.4-milestone-1

xwiki-platform-7.4-milestone-2

xwiki-platform-8.*

xwiki-platform-8.0-milestone-1

xwiki-platform-8.0-milestone-2

xwiki-platform-8.1-milestone-1

xwiki-platform-8.1-milestone-2

xwiki-platform-8.2-milestone-1

xwiki-platform-8.2-milestone-2

xwiki-platform-8.3-milestone-1

xwiki-platform-9.*

xwiki-platform-9.9-rc-2

xwiki-plugin-tag-1.*

xwiki-plugin-tag-1.1

Database specific

vanir_signatures

[
    {
        "id": "CVE-2023-26472-3a4b15b4",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-test/xwiki-platform-icon-test-docker/src/test/it/org/xwiki/icon/test/ui/IconThemesSheetIT.java"
        },
        "source": "https://github.com/xwiki/xwiki-platform/commit/48caf7491595238af2b531026a614221d5d61f38",
        "digest": {
            "line_hashes": [
                "241436754504398272115648114039472953574",
                "91322937624014975635415446494396992257",
                "32103860525410293523379766074701381496",
                "251605682384583568173130527076895348872",
                "176551276031469405012969301531465065399",
                "249738932794603918895147802874559061868",
                "237442739760926075942755818721344793633",
                "130673880832601592644806389243963285305",
                "325709585179185583938258691930285524337",
                "232692643542311480839110895877709850802",
                "271270627431092994921900384647716790093",
                "147301953474738703334801375231293423059",
                "163957069989654941094346220246830015359",
                "263229491503953019806419193904670929484",
                "68509759500716473715608746482911164635",
                "254770110771673016696578075623870701522",
                "221369428011411488614213454908029643030",
                "129053359995965941106466394826931947357",
                "198466006606398407417315422343812703261",
                "15460976080312045789568412561963791854",
                "272194200802180404642967107862461350221",
                "45278952514421645158794402732721465786",
                "225970964121589067238554686818687468426",
                "306012811753088034862851382009846738112",
                "237489778573347151907735532903319859318"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line"
    },
    {
        "id": "CVE-2023-26472-e14c9718",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "setUp",
            "file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-test/xwiki-platform-icon-test-docker/src/test/it/org/xwiki/icon/test/ui/IconThemesSheetIT.java"
        },
        "source": "https://github.com/xwiki/xwiki-platform/commit/48caf7491595238af2b531026a614221d5d61f38",
        "digest": {
            "length": 57.0,
            "function_hash": "99005501258412968266234264224712886451"
        },
        "signature_type": "Function"
    },
    {
        "id": "CVE-2023-26472-f4f9daf6",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "function": "createIconTheme",
            "file": "xwiki-platform-core/xwiki-platform-icon/xwiki-platform-icon-test/xwiki-platform-icon-test-docker/src/test/it/org/xwiki/icon/test/ui/IconThemesSheetIT.java"
        },
        "source": "https://github.com/xwiki/xwiki-platform/commit/48caf7491595238af2b531026a614221d5d61f38",
        "digest": {
            "length": 353.0,
            "function_hash": "83324234962206109018852746895563801560"
        },
        "signature_type": "Function"
    }
]