CVE-2023-40572
Published 2023-08-24. XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack…
Priority P3 (45) · Severity high · CVSS 3.1 score 8
CVSS 3.1 vector: AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS: 0.55% (41.7th percentile)
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality, integrity and availability of the whole XWiki installation. When a user with script right views this image and a log message `ERROR foo - Script executed!` appears in the log, the XWiki installation is vulnerable. This has been patched in XWiki 14.10.9 and 15.4RC1 by requiring a CSRF token for the actual page creation.
Affected (7 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| xwiki | xwiki | < 14.10.9 | 14.10.9 |
| xwiki | xwiki-platform | — | — |
OSV
XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action
osv·2023-08-23
CVE-2023-40572 [HIGH] XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action
### Impact
The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality, integrity and availability of the whole XWiki installation. To reproduce, the XWiki syntax `[[image:path:/xwiki/bin/create/Foo/WebHome?template=&parent=Main.WebHome&title=$services.logging.getLogger(%22foo%22).error(%22Script%20executed!%22)]]` can be added to any place that supports XWiki syntax like a comment. When a user with script right views this image and a log message `ERROR foo - Script executed!` appears in the log, the XWiki installation is vulnerable.
### Patches
This has been patched in XWiki 14.10.9 and 15.4RC1 by requiring a CSRF token for the actual page creation.
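Detection logic for the reproduction pattern described above, as an added example that is not the advisory's or XWiki's own code: it scans constructed combined-format access-log lines for requests to the `create` action whose query parameters carry Velocity markers such as `$services`, which have no place in a page title or parent name. The `form_token` parameter name is an assumption about XWiki's CSRF token field.

```python
import re
from typing import Optional
from urllib.parse import urlsplit, parse_qs, unquote

# Combined log format: client ident user [time] "METHOD target HTTP/x" status ...
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# Velocity objects / script macros that should never appear in create-action parameters.
SCRIPT_MARKERS = re.compile(
    r'\$(services|xwiki|doc|context|request|xcontext)\b|\{\{(groovy|velocity|python)', re.I
)

def find_script_in_create_request(target: str) -> Optional[dict]:
    """Return a finding if `target` is a create-action URL with script markup in a parameter."""
    parts = urlsplit(target)
    if '/bin/create/' not in parts.path:
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    for name, values in params.items():
        for value in values:
            decoded = unquote(value)  # parse_qs decoded once; catch double-encoded payloads too
            if SCRIPT_MARKERS.search(decoded):
                # 'form_token' is assumed to be the CSRF token parameter (not confirmed by the page)
                return {'param': name, 'value': decoded, 'path': parts.path,
                        'has_form_token': 'form_token' in params}
    return None

def scan_access_log(lines):
    """Run the create-action check over raw log lines; returns one finding dict per hit."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        finding = find_script_in_create_request(m['target'])
        if finding:
            finding.update(client=m['client'], time=m['time'], status=m['status'])
            hits.append(finding)
    return hits

# Constructed sample lines: one carries the advisory's logging payload in `title`, two are benign.
SAMPLE_LOG = [
    '203.0.113.5 - - [24/Aug/2023:10:00:01 +0000] "GET /xwiki/bin/create/Foo/WebHome?template=&parent=Main.WebHome&title=$services.logging.getLogger(%22foo%22).error(%22Script%20executed!%22) HTTP/1.1" 200 5123 "http://wiki.example/xwiki/bin/view/Main/" "Mozilla/5.0"',
    '198.51.100.7 - - [24/Aug/2023:10:00:02 +0000] "GET /xwiki/bin/create/Sandbox/WebHome?template=&parent=Sandbox.WebHome&title=Meeting%20notes&form_token=abc123 HTTP/1.1" 200 4001 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [24/Aug/2023:10:00:03 +0000] "GET /xwiki/bin/view/Main/WebHome HTTP/1.1" 200 8800 "-" "Mozilla/5.0"',
]

if __name__ == '__main__':
    for hit in scan_access_log(SAMPLE_LOG):
        print(f"{hit['time']} {hit['client']} create-action script in {hit['param']}: {hit['value']!r}")
```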
GHSA
XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action
ghsa·2023-08-23
CVE-2023-40572 [HIGH] CWE-352 XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References:
- https://github.com/xwiki/xwiki-platform/commit/4b20528808d0c311290b0d9ab2cfc44063380ef7
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4f8m-7h83-9f6m
- https://jira.xwiki.org/browse/XWIKI-20849
Published: 2023-08-24