CVE-2023-26474
Published 2023-03-02
Priority: P3 (47) · Severity: high · CVSS 3.1 base score: 8.8 · Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 0.79% (51.5th percentile)
XWiki Platform is a generic wiki platform. Starting in version 13.10, a TextArea property written in wiki syntax is rendered with the rights of the document's content author rather than the rights of the user who last edited the property value. A user who can edit such a property (for example the About field of their own profile) can therefore execute script macros such as Groovy with the content author's rights, which amounts to programming rights when that author is an administrator. This has been patched in XWiki 14.10, 14.4.7, and 13.10.11. There are no known workarounds.
Affected (6 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xwiki | xwiki | >= 13.10 < 13.10.11 | 13.10.11 |
| xwiki | xwiki | >= 14.0 < 14.4.7 | 14.4.7 |
| xwiki | xwiki | >= 14.5 < 14.10 | 14.10 |
| xwiki | xwiki-platform | — | — |
| xwiki | xwiki-platform | — | — |
| xwiki | xwiki-platform | — | — |
GHSA
ghsa·2023-03-03
CVE-2023-26474 [CRITICAL] CWE-284 XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author
### Impact
A user who can edit a TextArea property that holds wiki syntax gets that property rendered, and any script macros in it executed, with the rights of the document's content author instead of their own. On a user profile the content author is the account that created the user (typically an administrator), so a user with neither script nor programming rights can run Groovy with administrator-level rights.
To reproduce:
* As an admin with programming rights, create a new user without script or programming rights.
* Log in as the freshly created user.
* Open that user's profile for editing, switch the About field to source (wiki syntax) mode and insert the following text:
```
{{groovy}}println("hello from groovy!"){{/groovy}}
```
* Click "Save & View": the profile renders the macro's output ("hello from groovy!") even though the logged-in user has neither script nor programming rights, because the macro ran with the rights of the admin who created the user.
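The following helper is an added example, not part of the GitHub advisory or of the XWiki code base. It lets the two practical questions above be scripted: is a given XWiki version string inside one of the advisory's affected ranges, and, after the benign probe above has been saved into a low-privilege user's About field, did the rendered profile page execute the Groovy macro or refuse it? The rendering-error wording it looks for, the treatment of pre-release version qualifiers, and the sample responses at the bottom are assumptions and constructed data, not captured output from a real instance.

```python
"""
Offline triage helpers for CVE-2023-26474 (added example, not XWiki project code).

  is_affected(version)   -> is this XWiki version inside an affected range?
  classify_render(html)  -> after the advisory's probe was saved into a
                            low-privilege user's About field, did the rendered
                            profile page execute the Groovy macro or refuse it?
"""
import re
import sys
from typing import Tuple

# The advisory's own benign probe and the text it prints when executed.
PROBE = '{{groovy}}println("hello from groovy!"){{/groovy}}'
MARKER = "hello from groovy!"

# Affected ranges from the advisory table, as [lower, upper) version tuples.
AFFECTED_RANGES = [
    ((13, 10), (13, 10, 11)),   # >= 13.10 < 13.10.11
    ((14, 0), (14, 4, 7)),      # >= 14.0  < 14.4.7
    ((14, 5), (14, 10)),        # >= 14.5  < 14.10
]

# Assumption: when script rights are enforced XWiki replaces the macro with an
# error box containing this phrase; the exact wording may vary between versions.
RENDER_ERROR_RE = re.compile(r"Failed to execute the \[groovy\] macro", re.IGNORECASE)


def parse_version(version: str) -> Tuple[int, ...]:
    """'14.4.7' -> (14, 4, 7); '13.10.11-SNAPSHOT' -> (13, 10, 11).

    Assumption: qualifiers such as -rc-1 or -SNAPSHOT are dropped, so a
    pre-release compares as its final release and deserves a manual check.
    """
    m = re.match(r"^\s*(\d+(?:\.\d+)*)", version)
    if not m:
        raise ValueError(f"unrecognised XWiki version string: {version!r}")
    return tuple(int(part) for part in m.group(1).split("."))


def is_affected(version: str) -> bool:
    """True when the version falls inside one of the advisory's affected ranges.

    Python tuple ordering gives the right answer for mixed lengths:
    (13, 10) < (13, 10, 11) and (14, 10, 0) >= (14, 10).
    """
    v = parse_version(version)
    return any(lower <= v < upper for lower, upper in AFFECTED_RANGES)


def classify_render(html: str) -> str:
    """Classify the rendered profile page after the probe was saved.

    'blocked'  - XWiki refused the macro (the expected result on a patched
                 instance for a user without script/programming rights)
    'executed' - the macro's output is visible as page text: the user's About
                 field ran with someone else's rights (CVE-2023-26474)
    'unknown'  - neither (wrong page, probe not saved, or source view shown)
    """
    if RENDER_ERROR_RE.search(html):
        return "blocked"
    # Drop tags so only visible text is inspected, then make sure we are not
    # looking at the probe's source (e.g. an edit form) rather than its output.
    text = re.sub(r"<[^>]+>", " ", html)
    if MARKER in text and "println(" not in text:
        return "executed"
    return "unknown"


# Constructed sample responses for a stand-alone run; not captured from a real instance.
SAMPLE_EXECUTED = '<div id="xwikicontent"><p>hello from groovy!</p></div>'
SAMPLE_BLOCKED = (
    '<div id="xwikicontent"><div class="xwikirenderingerror">'
    "Failed to execute the [groovy] macro. Cause: [The execution of the "
    "[groovy] script macro is not allowed in this document.]</div></div>"
)


def main(argv) -> int:
    """Usage: triage.py <xwiki-version> [saved-profile-page.html]"""
    if len(argv) < 2:
        print(main.__doc__)
        return 2
    version = argv[1]
    state = "AFFECTED" if is_affected(version) else "not in an affected range"
    print(f"XWiki {version}: {state}")
    if len(argv) > 2:
        with open(argv[2], encoding="utf-8") as fh:
            print(f"probe result for {argv[2]}: {classify_render(fh.read())}")
    else:
        for label, sample in (("executed", SAMPLE_EXECUTED), ("blocked", SAMPLE_BLOCKED)):
            print(f"constructed '{label}' sample -> {classify_render(sample)}")
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it as `python triage.py 14.4.6` to get the range verdict, or `python triage.py 14.4.6 profile.html` after saving the rendered profile page of the test user to a file. The version check alone is not a substitute for the probe: a patched build still renders existing About fields, so the probe confirms that script execution is actually refused for the low-privilege account.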
### Patches
This has been patched in XWiki 14.10, 14.4.7, and 13.10.11.
### Workarounds
No known workaround.
### References
https://jira.xwiki.org/browse/XWIKI-20373
### For more information
If you have any questions or comments about this advisory:
* Open an issu
OSV
XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author
osv·2023-03-03
CVE-2023-26474 [CRITICAL] XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.