Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1qcDU1LXZ2bWYtNjNtds0p1Q
URL Redirection to Untrusted Site ('Open Redirect')
Impact
There is no protection against URL redirection to an untrusted site; in particular, some well-known parameters (xredirect) can be used to perform such redirections.
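As an added illustration (not XWiki's code or the fix referenced below), a Python check that accepts an xredirect value only when it resolves to the wiki's own origin and otherwise falls back to a safe default; the origin, the parameter dictionary and the sample requests are constructed assumptions.

```python
from urllib.parse import urljoin, urlsplit

# Constructed origin for the example; the real deployment's host is not on the page.
WIKI_ORIGIN = "https://wiki.example.org"


def is_safe_redirect(target: str, origin: str = WIKI_ORIGIN) -> bool:
    """True only if `target` stays on `origin`; anything doubtful is rejected."""
    if not target or any(ch in target for ch in "\r\n\t\x00"):
        return False
    # Browsers treat "\" like "/", so "/\host" would be followed as "//host".
    normalised = target.replace("\\", "/")
    parts = urlsplit(normalised)
    if parts.scheme or parts.netloc:
        # Absolute ("https://...", "javascript:...") or protocol-relative ("//host")
        # targets are allowed only when they resolve to our own scheme and host.
        resolved = urlsplit(urljoin(origin, normalised))
        own = urlsplit(origin)
        return (resolved.scheme, resolved.netloc.lower()) == (own.scheme, own.netloc.lower())
    # Purely relative target: must be root-relative and not protocol-relative.
    return normalised.startswith("/") and not normalised.startswith("//")


def redirect_target(params: dict, default: str = "/") -> str:
    """Resolve the xredirect parameter, falling back to `default` when unsafe."""
    candidate = params.get("xredirect", "")
    return candidate if is_safe_redirect(candidate) else default


if __name__ == "__main__":
    # Constructed sample requests, not traffic taken from the advisory.
    for sample in (
        {"xredirect": "/bin/view/Sandbox/"},
        {"xredirect": "https://wiki.example.org/bin/view/Main/"},
        {"xredirect": "//untrusted.example/"},
        {"xredirect": "/\\untrusted.example/"},
        {"xredirect": "https://wiki.example.org@untrusted.example/"},
        {"xredirect": "javascript:alert(1)"},
        {},
    ):
        print(sample.get("xredirect", "<missing>"), "->", redirect_target(sample))
```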
Patches
The problem has been patched in XWiki 12.10.7 and XWiki 13.3RC1.
Workarounds
There's no known workaround for this issue.
References
https://jira.xwiki.org/browse/XWIKI-10309
For more information
If you have any questions or comments about this advisory:
- Open an issue in JIRA
- Email us at Security ML
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1qcDU1LXZ2bWYtNjNtds0p1Q
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: about 2 years ago
Updated: about 1 year ago
CVSS Score: 4.7
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N
Identifiers: GHSA-jp55-vvmf-63mv, CVE-2022-23618
References:
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jp55-vvmf-63mv
- https://github.com/xwiki/xwiki-platform/commit/5251c02080466bf9fb55288f04a37671108f8096
- https://jira.xwiki.org/browse/XWIKI-10309
- https://nvd.nist.gov/vuln/detail/CVE-2022-23618
- https://github.com/advisories/GHSA-jp55-vvmf-63mv
Blast Radius: 1.0
Affected Packages
maven:org.xwiki.platform:xwiki-platform-oldcore
Affected Version Ranges: >= 13.0.0, <= 13.2, < 12.10.7
Fixed in: 13.3RC1, 12.10.7