PT-2023-22207 · Xwiki · Xwiki
Michael Hamann
·
Publicado
2023-04-12
·
Atualizado
2023-04-26
·
CVE-2023-29211
CVSS v3.1
9.9
Crítica
| Vetor | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
XWiki versions prior to 13.10.11
XWiki versions prior to 14.4.7
XWiki versions prior to 14.10
Description
The issue allows any user with view rights
WikiManager.DeleteWiki to execute arbitrary Groovy, Python, or Velocity code in XWiki, leading to full access to the XWiki installation. The root cause is improper escaping of the wikiId url parameter.Recommendations
For XWiki versions prior to 13.10.11, update to version 13.10.11 or later.
For XWiki versions prior to 14.4.7, update to version 14.4.7 or later.
For XWiki versions prior to 14.10, update to version 14.10 or later.
As a temporary workaround, consider restricting access to the
WikiManager.DeleteWiki function until a patch is applied.
Avoid using the wikiId parameter in the affected API endpoint until the issue is resolved.Exploit
Correção
Code Injection
Eval Injection
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Identificadores relacionados
Produtos afetados
Xwiki