CVE-2023-29525
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2023-29525
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29525.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-29525
- Aliases
- Published
- 2023-04-18T23:01:46.239Z
- Modified
- 2025-11-23T18:13:04.672135Z
- Severity
-
- 9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- Privilege escalation from view right on XWiki.Notifications.Code.LegacyNotificationAdministration in xwiki-platform
- Details
-
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Affected versions of xwiki are subject to code injection in the
sinceparameter of the/xwiki/bin/view/XWiki/Notifications/Code/LegacyNotificationAdministrationendpoint. This provides an XWiki syntax injection attack via the since-parameter, allowing privilege escalation from view to programming rights and subsequent code execution privilege. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.3, 14.4.8 and 14.10.3. Users are advised to upgrade. Users unable to upgrade may modify the pageXWiki.Notifications.Code.LegacyNotificationAdministrationto add the missing escaping. For versions < 14.6-rc-1 a workaround is to modify the file<xwikiwebapp>/templates/distribution/eventmigration.wikito add the missing escaping. - Database specific
{ "cwe_ids": [ "CWE-74" ] }- References
-
- https://github.com/xwiki/xwiki-platform/commit/6d74e2e4aa03d19f0be385ab63ae9e0f0e90a766
- https://github.com/xwiki/xwiki-platform/commit/8e7c7f90f2ddaf067cb5b83b181af41513028754#diff-4e13f4ee4a42938bf1201b7ee71ca32edeacba22559daf0bcb89d534e0225949R70
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jgg7-w2rj-58cj
- https://jira.xwiki.org/browse/XWIKI-20287
Affected packages
Git / github.com/xwiki/xwiki-commons
Git / github.com/xwiki/xwiki-platform
Affected ranges
- Type
- GIT
- Repo
- https://github.com/xwiki/xwiki-platform
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixed