PT-2022-26168 · Xwiki · Xwiki Platform
Thomas Mortagne
·
Published
2022-11-21
·
Updated
2022-11-28
·
CVE-2022-41937
CVSS v3.1
9.6
Critical
| Vector | AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
XWiki Platform versions prior to 13.10.8
XWiki Platform versions prior to 14.6
Description
The XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Because of a missing authorization check, any user with view access can modify any page of the wiki by importing a crafted XAR package; no edit right on the target pages is required. This gives a low-privileged account full control over the content of every page, which is why the CVSS vector rates confidentiality and integrity impact as high with a changed scope.
Recommendations
For versions prior to 13.10.8, update to version 13.10.8 or later.
For versions prior to 14.6, update to version 14.6 or later.
As a temporary workaround, restrict the rights of the page Filter.WebHome so that only the main wiki administrators can view the application installed on the main wiki, or edit that page and apply the changes described in commit fb49b4f. Note that the workaround only limits who can reach the import feature; upgrading to a fixed release is the actual fix.
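The two affected ranges above are per maintenance branch: 13.10.8 fixes the 13.10.x branch and 14.6 fixes the 14.x branch, so a 13.10.9 install is fixed even though it is numerically "prior to 14.6", while a 14.0 install is affected even though it is newer than 13.10.8. The check below is an added example written for this page, not code from the advisory or from the XWiki project; the version-string format handled (major.minor[.patch][-qualifier]), the conservative treatment of pre-releases as not yet fixed, and the function names are assumptions.

```python
"""Branch-aware check of an XWiki Platform version against the ranges stated
in this advisory (CVE-2022-41937). Added example; assumptions are noted inline."""
import re

# Assumed version syntax: "13.10.8", "14.6", "14.6-rc-1" (qualifier optional).
_VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(-.+)?$")

# First fixed release on each affected branch, as given in the advisory.
# The trailing 1 marks a final release so that it sorts after any pre-release
# of the same number (assumption: a pre-release may not contain the fix yet).
FIXED_IN = {13: (13, 10, 8, 1), 14: (14, 6, 0, 1)}


def parse_version(s):
    """Return (major, minor, patch, final) for an XWiki version string."""
    m = _VERSION_RE.match(s.strip())
    if not m:
        raise ValueError(f"unrecognized XWiki version: {s!r}")
    major, minor, patch, qualifier = m.groups()
    final = 0 if qualifier else 1
    return (int(major), int(minor), int(patch or 0), final)


def is_affected(version):
    """True if the given version falls inside an affected range."""
    v = parse_version(version)
    fixed = FIXED_IN.get(v[0])
    if fixed is None:
        # No fix on this major: anything older than 13.x predates both fixes,
        # anything newer than 14.x postdates them.
        return v[0] < 13
    return v < fixed


def recommended_version(version):
    """Fixed release to upgrade to, or None when the version is not affected."""
    if not is_affected(version):
        return None
    return "14.6" if parse_version(version)[0] >= 14 else "13.10.8"


if __name__ == "__main__":
    # Constructed sample versions, chosen to hit both branches and the edges.
    for sample in ["12.10.11", "13.10.7", "13.10.8", "13.10.9",
                   "14.0", "14.5.1", "14.6-rc-1", "14.6", "14.7"]:
        fix = recommended_version(sample)
        print(f"{sample:>10}: {'AFFECTED, upgrade to ' + fix if fix else 'not affected'}")
```

Feed it the version shown in the wiki's administration page or the `xwiki.version` reported by the instance; a pre-release string such as 14.6-rc-1 is deliberately reported as affected because the check cannot know whether that build already contains the fix.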
Weakness Enumeration
Missing Authorization (CWE-862)
Related Identifiers
Affected Products
Xwiki Platform