PT-2023-22299 · Xwiki · Xwiki Platform

Simon Urli · Published 2023-04-18 · Updated 2023-04-28 · CVE-2023-29520

CVSS v3.1: 4.3 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Name of the Vulnerable Software and Affected Versions

XWiki Platform versions prior to 13.10.11
XWiki Platform versions prior to 14.4.8
XWiki Platform versions prior to 14.10.1
XWiki Platform versions prior to 15.0-rc-1

Description

The XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It is possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object, leading to a broken page.

Recommendations

For versions prior to 13.10.11, upgrade to version 13.10.11 or later.
For versions prior to 14.4.8, upgrade to version 14.4.8 or later.
For versions prior to 14.10.1, upgrade to version 14.10.1 or later.
For versions prior to 15.0-rc-1, upgrade to version 15.0-rc-1 or later.
As a temporary workaround until a patch is applied, consider fixing any way to create a document that fails to load.

Weakness Enumeration

Improper Handling of Exceptional Conditions

Related Identifiers

CVE-2023-29520
GHSA-9JQ5-XWQW-Q8J3

Affected Products

Xwiki Platform