CVE-2023-29526

19.04.2023, 00:15

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to display or interact with any page a user cannot access through the combination of the async and display macros. A comment with either macro will be executed when viewed providing a code injection vector in the context of the running server. This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.3, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no known workarounds for this issue.

Injection

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	9.9 CRITICAL	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
GitHub_M	CNA	10 CRITICAL	NETWORK	LOW	LOW	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
CVE	ADP	---				---
CISA-ADP	ADP	---				---

Base Score

CVSS 3.x

EPSS Score

Percentile: 85%

Vendor	Product	Version
xwiki	xwiki	10.11.1 ≤ 𝑥 < 13.10.11
xwiki	xwiki	14.0 ≤ 𝑥 < 14.4.8
xwiki	xwiki	14.5 ≤ 𝑥 < 14.10.3

𝑥

= Vulnerable software versions

Known Exploits!

Common Weakness Enumeration

CWE-74 - Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')
The software constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

References

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gpq5-7p34-vqx5

https://jira.xwiki.org/browse/XRENDERING-694

https://jira.xwiki.org/browse/XWIKI-20394

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gpq5-7p34-vqx5

https://jira.xwiki.org/browse/XRENDERING-694

https://jira.xwiki.org/browse/XWIKI-20394