Vulnerability Details : CVE-2022-23616
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for an unprivileged user to perform a remote code execution by injecting a groovy script in her own profile and by calling the Reset password feature since the feature is performing a save of the user profile with programming rights in the impacted versions of XWiki. The issue has been patched in XWiki 13.1RC1. There are two different possible workarounds, each consisting of modifying the XWiki/ResetPassword page. 1. The Reset password feature can be entirely disabled by deleting the XWiki/ResetPassword page. 2. The script in XWiki/ResetPassword can also be modified or removed: an administrator can replace it with a simple email contact to ask an administrator to reset the password.
Vulnerability category: Execute code
Products affected by CVE-2022-23616
- cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
- cpe:2.3:a:xwiki:xwiki:3.1:milestone1:*:*:*:*:*:*
- cpe:2.3:a:xwiki:xwiki:3.1:milestone2:*:*:*:*:*:*
- cpe:2.3:a:xwiki:xwiki:3.1:rc1:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2022-23616
0.60%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 79 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2022-23616
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.5
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:P |
8.0
|
6.4
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
NIST | |
8.8
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
2.8
|
5.9
|
GitHub, Inc. |
CWE ids for CVE-2022-23616
-
The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.Assigned by: security-advisories@github.com (Primary)
References for CVE-2022-23616
-
https://jira.xwiki.org/browse/XWIKI-16661
[XWIKI-16661] RCE using reset password - XWiki.org JIRAPatch;Vendor Advisory
-
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mgjw-2wrp-r535
Remote code execution in user profiles with reset password · Advisory · xwiki/xwiki-platform · GitHubThird Party Advisory
Jump to