Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS0zNzM4LXA5eDMtbXY5cs4AAx7O
XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author
Impact
It is possible to use the rights of an existing document's content author to execute the contents of a text area property: the property is rendered with the content author's rights rather than those of the user who last edited it.
To reproduce:
- As an admin with programming rights, create a new user without script or programming rights.
- Log in with the freshly created user.
- Insert the following text in source mode in the about section:
{{groovy}}println("hello from groovy!"){{/groovy}}
- Click "Save & View"
Patches
This has been patched in XWiki 14.10, 14.4.7, and 13.10.11.
Workarounds
No known workaround.
References
https://jira.xwiki.org/browse/XWIKI-20373
For more information
If you have any questions or comments about this advisory:
- Open an issue in Jira
- Email us at Security ML
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zNzM4LXA5eDMtbXY5cs4AAx7O
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: over 1 year ago
Updated: over 1 year ago
CVSS Score: 10.0
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Identifiers: GHSA-3738-p9x3-mv9r, CVE-2023-26474
References:
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-3738-p9x3-mv9r
- https://nvd.nist.gov/vuln/detail/CVE-2023-26474
- https://jira.xwiki.org/browse/XWIKI-20373
- https://github.com/advisories/GHSA-3738-p9x3-mv9r
Blast Radius: 1.0
Affected Packages
maven:org.xwiki.platform:xwiki-platform-legacy-oldcore
Affected Version Ranges: >= 14.5, < 14.10; >= 14.0, < 14.4.7; >= 13.10, < 13.10.11
Fixed in: 14.10, 14.4.7, 13.10.11
maven:org.xwiki.platform:xwiki-platform-oldcore
Affected Version Ranges: >= 14.5, < 14.10; >= 14.0, < 14.4.7; >= 13.10, < 13.10.11
Fixed in: 14.10, 14.4.7, 13.10.11