CVE-2023-27480
Published 2023-03-07
Priority P3 · 44 · High · CVSS 3.1 base score 7.7
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N
EPSS: 0.75% (50.2th percentile)
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit rights on a document can trigger an XAR import on a forged XAR file, leading to the ability to display the content of any file on the XWiki server host. This vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10-rc-1. Users are advised to upgrade. Users unable to upgrade may apply the patch `e3527b98fd` manually.
Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xwiki | xwiki | < 13.10.11 | 13.10.11 |
| xwiki | xwiki | — | — |
| xwiki | xwiki | >= 14.0 < 14.4.7 | 14.4.7 |
| xwiki | xwiki | >= 14.5 < 14.10 | 14.10 |
| xwiki | xwiki-platform | — | — |
| xwiki | xwiki-platform | — | — |
| xwiki | xwiki-platform | — | — |
OSV · 2023-03-08
CVE-2023-27480 [HIGH] XWiki Platform vulnerable to data leak via Improper Restriction of XML External Entity Reference
### Impact
Any user with edit rights on a document can trigger an XAR import on a forged XAR file, leading to the ability to display the content of any file on the XWiki server host.
Example to reproduce:
* Create a forged XAR file and inside it, have the following `package.xml` content:
```xml
]>
&xxe;
&xxe; Helper pages for creating and listing Class/Template/Sheets
XWiki.Admin
...
```
* Upload it onto a wiki page (e.g. `XXE`) as an attachment (e.g. `test.xar`).
* Call the page using `http://localhost:8080/xwiki/bin/view/Main/XXE?sheet=XWiki.AdminImportSheet&file=test.xar`
You'll then notice that the displayed UI contains the content of the `/etc/passwd` file.
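As an added example, not XWiki's code or the fix commit, this is the admission check an importer should run on an uploaded XAR before processing it: read `package.xml` out of the archive and refuse any descriptor that declares a DOCTYPE, which forecloses both external (`SYSTEM`) entities and internal entity expansion. The two descriptors, the in-memory archive builder and the function names are constructed for the demo; the DTD case uses a harmless internal entity only to show what a parser that accepts DTDs would expand.

```python
import io
import xml.parsers.expat
import zipfile

# Constructed descriptors, not from a real XAR. The second declares a DOCTYPE
# with a harmless internal entity to show expansion without touching any file.
CLEAN_PACKAGE_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<package><infos>
  <name>Helper pages for creating and listing Class/Template/Sheets</name>
</infos></package>"""
DTD_PACKAGE_XML = b"""<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE package [ <!ENTITY xxe "constructed-entity-text"> ]>
<package><infos><name>&xxe; Helper pages</name></infos></package>"""

class UnsafeXarError(ValueError):
    """package.xml declares a DTD; the importer must refuse it."""

def build_xar(package_xml: bytes) -> bytes:
    """Build an in-memory XAR: a ZIP whose descriptor is package.xml."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("package.xml", package_xml)
    return buf.getvalue()

def package_name(xar_bytes: bytes, reject_doctype: bool = True) -> str:
    """Read <name> from package.xml via expat. With reject_doctype (hardened)
    a DOCTYPE aborts parsing before any entity is processed."""
    with zipfile.ZipFile(io.BytesIO(xar_bytes)) as zf:
        data = zf.read("package.xml")
    parser, stack, text = xml.parsers.expat.ParserCreate(), [], []
    def on_doctype(name, sysid, pubid, has_internal_subset):
        raise UnsafeXarError(f"package.xml declares <!DOCTYPE {name}>")
    def on_chars(chunk):  # expat may split text into several chunks
        if stack and stack[-1] == "name":
            text.append(chunk)
    if reject_doctype:
        parser.StartDoctypeDeclHandler = on_doctype
    parser.StartElementHandler = lambda tag, attrs: stack.append(tag)
    parser.EndElementHandler = lambda tag: stack.pop()
    parser.CharacterDataHandler = on_chars
    parser.Parse(data, True)
    return "".join(text).strip()

def is_safe_xar(xar_bytes: bytes) -> bool:
    """Admission check for an uploaded XAR: True only if package.xml is DTD-free."""
    try:
        return package_name(xar_bytes) is not None
    except UnsafeXarError:
        return False
```

Running `package_name(build_xar(DTD_PACKAGE_XML), reject_doctype=False)` shows the entity silently expanded into the displayed name, which is exactly the behaviour the import sheet exposed; `is_safe_xar` rejects that archive before any of it is rendered.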
### Patches
The vulnerab
GHSA · 2023-03-08
CVE-2023-27480 [HIGH] CWE-611 XWiki Platform vulnerable to data leak via Improper Restriction of XML External Entity Reference
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
* https://github.com/xwiki/xwiki-platform/commit/e3527b98fdd8dc8179c24dc55e662b2c55199434
* https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx4f-976g-7g6v
* https://jira.xwiki.org/browse/XWIKI-20320