CVE-2023-50721

EPSS 43.25%
Veröffentlicht 15.12.2023 19:15:09
Zuletzt bearbeitet 21.11.2024 08:37:12
Quelle security-advisories@github.com
Teams Watchlist Login
Unerledigt Login

XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search administration interface doesn't properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax containing script macros including Groovy macros that allow remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki instance. This attack can be executed by any user who can edit some wiki page like the user's profile (editable by default) as user interface extensions that will be displayed in the search administration can be added on any document by any user.  The necessary escaping has been added in XWiki 14.10.15, 15.5.2 and 15.7RC1. As a workaround, the patch can be applied manually applied to the page `XWiki.SearchAdmin`.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Xwiki ≫ Xwiki Version >= 4.5 < 14.10.5

Xwiki ≫ Xwiki Version >= 15.0 < 15.5.2

Xwiki ≫ Xwiki Version15.6 Update-

Xwiki ≫ Xwiki Version15.6 Updaterc1

Xwiki ≫ Xwiki Version15.7 Updaterc1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	43.25%	0.974

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com	9.9	3.1	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE-94 Improper Control of Generation of Code ('Code Injection')

The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.

CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

https://github.com/xwiki/xwiki-platform/commit/62863736d78ffd60d822279c5fb7fb9593042766

Patch

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7654-vfh6-rw6x

Patch

Vendor Advisory

https://jira.xwiki.org/browse/XWIKI-21200

Patch

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2023-50721

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-50721

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-50721

EUVD