Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS0zNzM4LXA5eDMtbXY5cs4AAx7O

XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author

Impact

It's possible to use the right of an existing document content author to execute a text area property.

To reproduce:

    {{groovy}}println("hello from groovy!"){{/groovy}}

Patches

This has been patched in XWiki 14.10, 14.4.7, and 13.10.11.

Workarounds

No known workaround.

References

https://jira.xwiki.org/browse/XWIKI-20373

For more information

If you have any questions or comments about this advisory:

Permalink: https://github.com/advisories/GHSA-3738-p9x3-mv9r
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS0zNzM4LXA5eDMtbXY5cs4AAx7O
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Critical
Classification: General
Published: about 1 year ago
Updated: about 1 year ago


CVSS Score: 10.0
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Identifiers: GHSA-3738-p9x3-mv9r, CVE-2023-26474
References: Repository: https://github.com/xwiki/xwiki-platform

Affected Packages

maven:org.xwiki.platform:xwiki-platform-legacy-oldcore
Affected Version Ranges: >= 14.5, < 14.10, >= 14.0, < 14.4.7, >= 13.10, < 13.10.11
Fixed in: 14.10, 14.4.7, 13.10.11
maven:org.xwiki.platform:xwiki-platform-oldcore
Affected Version Ranges: >= 14.5, < 14.10, >= 14.0, < 14.4.7, >= 13.10, < 13.10.11
Fixed in: 14.10, 14.4.7, 13.10.11