CVE-2023-32069

Published: May 9, 2023Modified: Nov 21, 2024

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: NVD

Description

XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-2 and prior to versions 14.10.4 and 15.0-rc-1, it's possible for a user to execute anything with the right of the author of the XWiki.ClassSheet document. This has been patched in XWiki 15.0-rc-1 and 14.10.4. There are no known workarounds.

Affected (2)

Products: Xwiki: Xwiki

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Xwiki Xwiki	From 3.4 to 14.10.4
Xwiki Xwiki	Version 3.3 milestone2

Related CWEs

Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (6)

https://github.com/xwiki/xwiki-platform/commit/de72760d4a3e1e9be64a10660a0c19e9534e2ec4

Source: security-advisories@github.com

Patch

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-36fm-j33w-c25f

Source: security-advisories@github.com

Vendor Advisory

https://jira.xwiki.org/browse/XWIKI-20566

Source: security-advisories@github.com

Vendor Advisory

https://github.com/xwiki/xwiki-platform/commit/de72760d4a3e1e9be64a10660a0c19e9534e2ec4

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-36fm-j33w-c25f

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

https://jira.xwiki.org/browse/XWIKI-20566

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.