CVE-2023-35166
published 2023-06-20
Priority: P2 70; severity: high, 8.8 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS: 63.12% (99.1th percentile)
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension. This has been patched in XWiki 15.1-rc-1 and 14.10.5.
Affected (3 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xwiki | xwiki | >= 8.1 < 14.10.5 | 14.10.5 |
| xwiki | xwiki-platform | — | — |
| xwiki | xwiki-platform | — | — |
GHSA
ghsa·2023-06-20
CVE-2023-35166 [HIGH] CWE-863 XWiki Platform vulnerable to privilege escalation (PR) from account through TipsPanel
### Impact
It's possible to execute any wiki content with the right of the TipsPanel author by creating a tip UI extension.
To reproduce:
* Add an object of type UIExtensionClass
* Set "Extension Point ID" to org.xwiki.platform.help.tipsPanel
* Set "Extension ID" to org.xwiki.platform.user.test (needs to be unique but otherwise doesn't matter)
* Set "Extension Parameters" to
```
tip={{async async="true" cached="false" context="doc.reference"}}{{groovy}}println("Hello " + "from groovy!"){{/groovy}}{{/async}}
```
* Set "Extension Scope" to "Current User".
* Click "Save & View"
* Open the "Help.TipsPanel" document at /xwiki/bin/view/Help/TipsPanel where is the URL of your XWiki installation and press refr
OSV
osv·2023-06-20
CVE-2023-35166 [HIGH] XWiki Platform vulnerable to privilege escalation (PR) from account through TipsPanel
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
- https://github.com/xwiki/xwiki-platform/commit/98208c5bb1e8cdf3ff1ac35d8b3d1cb3c28b3263#diff-4e3467d2ef3871a68b2f910e67cf84531751b32e0126321be83c0f1ed5d90b29L176-R178
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h7cw-44vp-jq7h
- https://jira.xwiki.org/browse/XWIKI-20281