CVE-2023-37912

Name of the Vulnerable Software and Affected Versions XWiki versions prior to 14.10.6 XWiki versions prior to 15.1-rc-1

Description The issue is related to the XWiki Rendering system, which converts textual input in a given syntax into another syntax. The footnote macro executed its content in a potentially different context than the one in which it was defined, allowing privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution. This impacts the confidentiality, integrity, and availability of the whole XWiki installation.

Recommendations For versions prior to 14.10.6, upgrade to version 14.10.6 or later. For versions prior to 15.1-rc-1, upgrade to version 15.1-rc-1 or later. As a general mitigation measure, consider restricting the use of the footnote macro until a patch is applied.