CVE-2023-29517 : XWiki Platform is a generic wiki platform offering runtime services for applicat

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The office document viewer macro was allowing anyone to see any file content from the hosting server, provided that the office server was connected and depending on the permissions of the user running the servlet engine (e.g. tomcat) running XWiki. The same vulnerability also allowed to perform internal requests to resources from the hosting server. The problem has been patched in XWiki 13.10.11, 14.10.1, 14.4.8, 15.0-rc-1. Users are advised to upgrade. It might be possible to workaround this vulnerability by running XWiki in a sandbox with a user with very low privileges on the machine.

Published 2023-04-19 00:15:09

Updated 2023-04-28 17:28:34

Source GitHub, Inc.

View at NVD, CVE.org

Vulnerability category: Information leak

Products affected by CVE-2023-29517

Xwiki » Xwiki
Versions from including (>=) 14.5 and before (<) 14.10.1
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
Matching versions
Xwiki » Xwiki
Versions before (<) 13.10.11
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
Matching versions
Xwiki » Xwiki
Versions from including (>=) 14.0 and before (<) 14.4.8
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-29517

EPSS FAQ

1.88%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 82 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-29517

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N	3.9	3.6	GitHub, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: High Integrity: None Availability: None

CWE ids for CVE-2023-29517

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

Assigned by: security-advisories@github.com (Primary)

References for CVE-2023-29517

https://jira.xwiki.org/browse/XWIKI-20324

[XWIKI-20324] SSRF - Retrieve sensitive data from server - Add Gadget - XWiki.org JIRA
Exploit;Issue Tracking;Patch;Vendor Advisory
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-m3c3-9qj7-7xmx

Exposure of Sensitive Information to an Unauthorized Actor in org.xwiki.platform:xwiki-platform-office-viewer · Advisory · xwiki/xwiki-platform · GitHub
Exploit;Issue Tracking;Patch;Vendor Advisory
https://jira.xwiki.org/browse/XWIKI-20449

[XWIKI-20449] Server side request forgery (SSRF) with the Office Viewer - XWiki.org JIRA
Exploit;Issue Tracking;Patch;Vendor Advisory
https://jira.xwiki.org/browse/XWIKI-20447

[XWIKI-20447] Office document viewer macro allows anyone to see any file from host - XWiki.org JIRA
Exploit;Issue Tracking;Patch;Vendor Advisory

Jump to

Vulnerability Details : CVE-2023-29517

Products affected by CVE-2023-29517

Exploit prediction scoring system (EPSS) score for CVE-2023-29517

CVSS scores for CVE-2023-29517

CWE ids for CVE-2023-29517

References for CVE-2023-29517