GHSA-w7v9-fc49-4qg4
Suggest an improvement- Source
- https://github.com/advisories/GHSA-w7v9-fc49-4qg4
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/04/GHSA-w7v9-fc49-4qg4/GHSA-w7v9-fc49-4qg4.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-w7v9-fc49-4qg4
- Aliases
- Related
- Published
- 2023-04-12T20:35:30Z
- Modified
- 2023-11-08T04:12:17.941813Z
- Severity
-
- 9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki Eval Injection vulnerability
- Details
-
Impact
Any user with view rights
WikiManager.DeleteWikican execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of thewikiIdurl parameter.A proof of concept exploit is to open <xwiki-host>/xwiki/bin/view/WikiManager/DeleteWiki?wikiId=%22+%2F%7D%7D+%7B%7Basync+async%3D%22true%22+cached%3D%22false%22+context%3D%22doc.reference%22%7D%7D%7B%7Bgroovy%7D%7Dprintln%28%22Hello+from+groovy%21%22%29%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fasync%7D%7D where <xwiki-host> is the URL of your XWiki installation.
Patches
The problem has been patched on XWiki 13.10.11, 14.4.7, and 14.10.
Workarounds
The issue can be fixed manually applying this patch.
If you have any questions or comments about this advisory: * Open an issue in Jira XWiki.org * Email us at Security Mailing List
- Database specific
{ "nvd_published_at": "2023-04-16T07:15:00Z", "github_reviewed_at": "2023-04-12T20:35:30Z", "severity": "CRITICAL", "github_reviewed": true, "cwe_ids": [ "CWE-94", "CWE-95" ] }- References
-
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-w7v9-fc49-4qg4
- https://nvd.nist.gov/vuln/detail/CVE-2023-29211
- https://github.com/xwiki/xwiki-platform/commit/ba4c76265b0b8a5e2218be400d18f08393fe1428#diff-64f39f5f2cc8c6560a44e21a5cfd509ef00e8a2157cd9847c9940a2e08ea43d1R63-R64
- https://github.com/xwiki/xwiki-platform
- https://jira.xwiki.org/browse/XWIKI-20297
Affected packages
Maven / org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
Package
- Name
- org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
- View open source insights on deps.dev
- Purl
- pkg:maven/org.xwiki.platform/xwiki-platform-wiki-ui-mainwiki
Maven / org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
Package
- Name
- org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
- View open source insights on deps.dev
- Purl
- pkg:maven/org.xwiki.platform/xwiki-platform-wiki-ui-mainwiki
Maven / org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
Package
- Name
- org.xwiki.platform:xwiki-platform-wiki-ui-mainwiki
- View open source insights on deps.dev
- Purl
- pkg:maven/org.xwiki.platform/xwiki-platform-wiki-ui-mainwiki