GHSA-8cw6-4r32-6r3h
Suggest an improvement- Source
- https://github.com/advisories/GHSA-8cw6-4r32-6r3h
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/03/GHSA-8cw6-4r32-6r3h/GHSA-8cw6-4r32-6r3h.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-8cw6-4r32-6r3h
- Aliases
- Published
- 2023-03-03T22:49:27Z
- Modified
- 2023-11-08T04:11:57.467930Z
- Severity
-
- 9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- XWiki Platform may allow privilege escalation to programming rights via user's first name
- Details
-
Impact
Any user can edit his own profile and inject code which is going to be executed with programming right.
Steps to reproduce:
- Set your first name to
{{cache id="userProfile"}}{{groovy}}println("Hello from groovy!"){{/groovy}}{{/cache}}
The first name appears as interpreted "
Hello from groovy" instead of the expected fully escaped "{{cache id="userProfile"}}{{groovy}}println("Hello from groovy!"){{/groovy}}{{/cache}}".The same vulnerability can also be exploited in all other places where short text properties are displayed, e.g., in apps created using Apps Within Minutes that use a short text field.
Patches
The problem has been patched on versions 13.10.9, 14.4.4, 14.7RC1.
Workarounds
There are no other workarounds than upgrading XWiki or patching the xwiki-commons-xml JAR file.
References
- https://jira.xwiki.org/browse/XWIKI-19793
- https://jira.xwiki.org/browse/XWIKI-19794
- https://jira.xwiki.org/browse/XCOMMONS-2498
For more information
If you have any questions or comments about this advisory: * Open an issue in Jira XWiki.org * Email us at Security Mailing List
- Set your first name to
- Database specific
{ "github_reviewed": true, "github_reviewed_at": "2023-03-03T22:49:27Z", "nvd_published_at": "2023-03-02T19:15:00Z", "severity": "CRITICAL", "cwe_ids": [ "CWE-150" ] }- References
Affected packages
Maven
org.xwiki.commons:xwiki-commons-xml
Package
- Name
- org.xwiki.commons:xwiki-commons-xml
- View open source insights on deps.dev
- Purl
- pkg:maven/org.xwiki.commons/xwiki-commons-xml
Affected versions
3.*
3.2-milestone-3
3.2-rc-1
3.2
3.2.1
3.3-milestone-1
3.3-milestone-2
3.3-rc-1
3.3
3.3.1
3.4-milestone-1
3.4-rc-1
3.4
3.5-milestone-1
3.5
3.5.1
4.*
4.0-milestone-1
4.0-milestone-2
4.0-rc-1
4.0
4.0.1
4.1-milestone-1
4.1-milestone-2
4.1-rc-1
4.1
4.1.1
4.1.2
4.1.3
4.1.4
4.2-milestone-1
4.2-milestone-2
4.2-milestone-3
4.2-rc-1
4.2
4.3-milestone-1
4.3-milestone-2
4.3-rc-1
4.3
4.3.1
4.4-rc-1
4.4
4.4.1
4.5-milestone-1
4.5-rc-1
4.5
4.5.1
4.5.2
4.5.3
5.*
5.0-milestone-1
5.0-milestone-2
5.0-rc-1
5.0
5.0.1
5.0.2
5.0.3
5.1-milestone-1
5.1-milestone-2
5.1-rc-1
5.1
5.2-milestone-1
5.2-milestone-2
5.2-rc-1
5.2
5.2.1
5.2.2
5.2.3
5.2.4
5.3-milestone-1
5.3-milestone-2
5.3-rc-1
5.3
5.4-milestone-1
5.4-rc-1
5.4
5.4.1
5.4.2
5.4.3
5.4.4
5.4.5
5.4.6
5.4.7
6.*
6.0-milestone-1
6.0-milestone-2
6.0-rc-1
6.0
6.0.1
6.1-milestone-1
6.1-milestone-2
6.1-rc-1
6.1
6.2-milestone-1
6.2-milestone-2
6.2-rc-1
6.2
6.2.1
6.2.2
6.2.3
6.2.4
6.2.5
6.2.6
6.2.7
6.3-milestone-1
6.3-milestone-2
6.3-rc-1
6.3
6.4-milestone-1
6.4-milestone-2
6.4-milestone-3
6.4-rc-1
6.4
6.4.1
6.4.2
6.4.3
6.4.4
6.4.5
6.4.6
6.4.7
6.4.8
7.*
7.0-milestone-1
7.0-milestone-2
7.0-rc-1
7.0
7.0.1
7.1-milestone-1
7.1-milestone-2
7.1-rc-1
7.1
7.1.1
7.1.2
7.1.3
7.1.4
7.2-milestone-1
7.2-milestone-2
7.2-milestone-3
7.2-rc-1
7.2
7.3-milestone-1
7.3-rc-1
7.3
7.4-milestone-1
7.4-milestone-2
7.4-rc-1
7.4
7.4.1
7.4.2
7.4.3
7.4.4
7.4.5
7.4.6
8.*
8.0-milestone-1
8.0-milestone-2
8.0-rc-1
8.0
8.1-milestone-1
8.1-milestone-2
8.1-rc-1
8.1
8.2-milestone-1
8.2-milestone-2
8.2-rc-1
8.2
8.2.1
8.2.2
8.3-milestone-2
8.3-rc-1
8.3
8.4-rc-1
8.4
8.4.1
8.4.2
8.4.3
8.4.4
8.4.5
8.4.6
9.*
9.0-rc-1
9.0
9.1-rc-1
9.1
9.1.1
9.1.2
9.2-rc-1
9.2
9.3-rc-1
9.3
9.3.1
9.4-rc-1
9.4
9.5-rc-1
9.5
9.5.1
9.6-rc-1
9.6
9.7-rc-1
9.7
9.8-rc-1
9.8
9.8.1
9.9-rc-1
9.9-rc-2
9.9
9.10-rc-1
9.10
9.10.1
9.11-rc-1
9.11
9.11.1
9.11.2
9.11.3
9.11.4
9.11.5
9.11.6
9.11.7
9.11.8
9.11.9
10.*
10.0
10.1-rc-1
10.1
10.2
10.3
10.4-rc-1
10.4
10.5-rc-1
10.5
10.6-rc-1
10.6
10.6.1
10.7-rc-1
10.7
10.7.1
10.8-rc-1
10.8
10.8.1
10.8.2
10.8.3
10.9
10.10-rc-1
10.10
10.11-rc-1
10.11
10.11.1
10.11.2
10.11.3
10.11.4
10.11.5
10.11.6
10.11.7
10.11.8
10.11.9
10.11.10
10.11.11
11.*
11.0
11.0.1
11.0.2
11.0.3
11.1-rc-1
11.1
11.2-rc-1
11.2
11.3-rc-1
11.3
11.3.1
11.3.2
11.3.3
11.3.4
11.3.5
11.3.6
11.3.7
11.4-rc-1
11.4
11.5-rc-1
11.5
11.6-rc-1
11.6
11.6.1
11.7-rc-1
11.7
11.8-rc-1
11.8
11.8.1
11.9
11.10
11.10.1
11.10.2
11.10.3
11.10.4
11.10.5
11.10.6
11.10.7
11.10.8
11.10.10
11.10.11
11.10.12
11.10.13
12.*
12.0-rc-1
12.0
12.1-rc-1
12.1
12.2
12.2.1
12.3-rc-1
12.3
12.4-rc-1
12.4
12.5-rc-1
12.5
12.5.1
12.6
12.6.1
12.6.2
12.6.3
12.6.4
12.6.5
12.6.6
12.6.7
12.6.8
12.7-rc-1
12.7
12.7.1
12.8-rc-1
12.8
12.9-rc-1
12.9
12.10
12.10.1
12.10.2
12.10.3
12.10.4
12.10.5
12.10.6
12.10.7
12.10.8
12.10.9
12.10.10
12.10.11
13.*
13.0
13.1-rc-1
13.1
13.2-rc-1
13.2
13.3-rc-1
13.3
13.4-rc-1
13.4
13.4.1
13.4.2
13.4.3
13.4.4
13.4.5
13.4.6
13.4.7
13.5-rc-1
13.5
13.6-rc-1
13.6
13.7-rc-1
13.7
13.8-rc-1
13.8
13.9-rc-1
13.9
13.10-rc-1
13.10
13.10.1
13.10.2
13.10.3
13.10.4
13.10.5
13.10.6
13.10.7
13.10.8
org.xwiki.commons:xwiki-commons-xml
Package
- Name
- org.xwiki.commons:xwiki-commons-xml
- View open source insights on deps.dev
- Purl
- pkg:maven/org.xwiki.commons/xwiki-commons-xml
org.xwiki.commons:xwiki-commons-xml
Package
- Name
- org.xwiki.commons:xwiki-commons-xml
- View open source insights on deps.dev
- Purl
- pkg:maven/org.xwiki.commons/xwiki-commons-xml