PT-2023-8598 · Xwiki · Xwiki Platform

Michael Hamann

Publicado

2023-04-18

Atualizado

2023-04-28

CVE-2023-29513

CVSS v3.1

5.0

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions XWiki Platform versions prior to 14.10.1 XWiki Platform versions prior to 15.0-rc-1

Description The issue is related to insufficient access control in the XWiki Platform, allowing a remote attacker to create a new user. This can be achieved by exploiting the distribution/firstadminuser.wiki in the wrong context, if a guest has view rights on any document.

Recommendations For versions prior to 14.10.1, upgrade to version 14.10.1 or later. For versions prior to 15.0-rc-1, upgrade to version 15.0-rc-1 or later. As a temporary workaround, consider restricting guest view rights on documents to minimize the risk of exploitation.

Exploit

Correção

Improper Access Control

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-284

Identificadores relacionados

BDU:2024-01251

CVE-2023-29513

GHSA-FP36-MJW5-FMGX

Produtos afetados

Xwiki Platform

PT-2023-8598 · Xwiki · Xwiki Platform

CVE-2023-29513

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 10