CVE-2023-29514

Name of the Vulnerable Software and Affected Versions XWiki Platform versions prior to 13.10.11 XWiki Platform versions prior to 14.4.8 XWiki Platform versions prior to 14.10.1 XWiki Platform versions prior to 15.0 RC1

Description XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on any document can execute code with programming rights, leading to remote code execution. The issue arises when a user sets the title of a document to a specific groovy script and then appends a particular sheet to the URL of another document.

Recommendations For versions prior to 13.10.11, upgrade to version 13.10.11 or later. For versions prior to 14.4.8, upgrade to version 14.4.8 or later. For versions prior to 14.10.1, upgrade to version 14.10.1 or later. For versions prior to 15.0 RC1, upgrade to version 15.0 RC1 or later. As a temporary workaround, consider patching the code in the affected XWiki document as shown in the available patch.