CVE-2023-29514
published 2023-04-19CVE-2023-29514: XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on any document (e.g., their…
PriorityP259high8.8CVSS 3.1
AVNACLPRLUINSUCHIHAH
EPSS
1.86%
76.6th percentile
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user with edit rights on any document (e.g., their own user profile) can execute code with programming rights, leading to remote code execution. This vulnerability has been patched in XWiki 13.10.11, 14.4.8, 14.10.1 and 15.0 RC1. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xwiki | xwiki | < 13.10.11 | 13.10.11 |
| xwiki | xwiki | >= 14.0 < 14.4.8 | 14.4.8 |
| xwiki | xwiki | >= 14.5 < 14.10.1 | 14.10.1 |
| xwiki | xwiki-platform | < 13.10.11 | 13.10.11 |
| xwiki | xwiki-platform | — | — |
| xwiki | xwiki-platform | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
XWiki vulnerable to Code Injection in template provider administration
osv·2023-04-20
CVE-2023-29514 [CRITICAL] XWiki vulnerable to Code Injection in template provider administration
XWiki vulnerable to Code Injection in template provider administration
### Impact
Any user with edit rights on any document (e.g., the own user profile) can execute code with programming rights, leading to remote code execution by following these steps:
1. Set the title of any document you can edit (can be the user profile) to
```
{{async async="true" cached="false" context="doc.reference"}}{{groovy}}println("Hello " + "from groovy!"){{/groovy}}{{/async}}
```
2. Use the object editor to add an object of type `XWiki.TemplateProviderClass` (named "Template Provider Class") to that document.
3. Go to another document you can view (can be the home page) and append `?sheet=XWiki.AdminTemplatesSheet` to the URL.
When the attack is successful, a template with name "Hello from groovy!" is disp
GHSA
XWiki vulnerable to Code Injection in template provider administration
ghsa·2023-04-20
CVE-2023-29514 [CRITICAL] CWE-74 XWiki vulnerable to Code Injection in template provider administration
XWiki vulnerable to Code Injection in template provider administration
### Impact
Any user with edit rights on any document (e.g., the own user profile) can execute code with programming rights, leading to remote code execution by following these steps:
1. Set the title of any document you can edit (can be the user profile) to
```
{{async async="true" cached="false" context="doc.reference"}}{{groovy}}println("Hello " + "from groovy!"){{/groovy}}{{/async}}
```
2. Use the object editor to add an object of type `XWiki.TemplateProviderClass` (named "Template Provider Class") to that document.
3. Go to another document you can view (can be the home page) and append `?sheet=XWiki.AdminTemplatesSheet` to the URL.
When the attack is successful, a template with name "Hello from groovy!" is disp
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/xwiki/xwiki-platform/commit/7bf7094f8ffac095f5d66809af7554c9cc44de09https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9j36-3cp4-rh4jhttps://jira.xwiki.org/browse/XWIKI-20268https://github.com/xwiki/xwiki-platform/commit/7bf7094f8ffac095f5d66809af7554c9cc44de09https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9j36-3cp4-rh4jhttps://jira.xwiki.org/browse/XWIKI-20268
2023-04-19
Published