CVE-2023-29525 : XWiki Platform is a generic wiki platform offering runtime services for applicat

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Affected versions of xwiki are subject to code injection in the `since` parameter of the `/xwiki/bin/view/XWiki/Notifications/Code/LegacyNotificationAdministration` endpoint. This provides an XWiki syntax injection attack via the since-parameter, allowing privilege escalation from view to programming rights and subsequent code execution privilege. The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.3, 14.4.8 and 14.10.3. Users are advised to upgrade. Users unable to upgrade may modify the page `XWiki.Notifications.Code.LegacyNotificationAdministration` to add the missing escaping. For versions < 14.6-rc-1 a workaround is to modify the file `<xwikiwebapp>/templates/distribution/eventmigration.wiki` to add the missing escaping.

Published 2023-04-19 00:15:09

Updated 2023-05-01 17:27:32

Source GitHub, Inc.

View at NVD, CVE.org

Vulnerability category: Gain privilege

Products affected by CVE-2023-29525

Xwiki » Xwiki
Versions before (<) 14.4.8
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
Matching versions
Xwiki » Xwiki
Versions from including (>=) 14.5 and before (<) 14.10.3
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-29525

EPSS FAQ

24.03%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 96 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-29525

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H	2.8	5.9	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Unchanged Confidentiality: High Integrity: High Availability: High
9.9	CRITICAL	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H	3.1	6.0	GitHub, Inc.
Attack Vector: Network Attack Complexity: Low Privileges Required: Low User Interaction: None Scope: Changed Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2023-29525

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

Assigned by: security-advisories@github.com (Primary)

References for CVE-2023-29525

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jgg7-w2rj-58cj

Privilege escalation (PR) from view right on XWiki.Notifications.Code.LegacyNotificationAdministration · Advisory · xwiki/xwiki-platform · GitHub
Exploit;Patch;Vendor Advisory
https://jira.xwiki.org/browse/XWIKI-20287

[XWIKI-20287] Privilege escalation (PR) from view right on XWiki.Notifications.Code.LegacyNotificationAdministration - XWiki.org JIRA
Exploit;Issue Tracking;Patch;Vendor Advisory
https://github.com/xwiki/xwiki-platform/commit/6d74e2e4aa03d19f0be385ab63ae9e0f0e90a766

XWIKI-20287: Improve migration date display · xwiki/xwiki-platform@6d74e2e · GitHub
Patch
https://github.com/xwiki/xwiki-platform/commit/8e7c7f90f2ddaf067cb5b83b181af41513028754#diff-4e13f4ee4a42938bf1201b7ee71ca32edeacba22559daf0bcb89d534e0225949R70

XWIKI-20287: Improve migration date display · xwiki/xwiki-platform@8e7c7f9 · GitHub
Patch

Jump to

Vulnerability Details : CVE-2023-29525

Products affected by CVE-2023-29525

Exploit prediction scoring system (EPSS) score for CVE-2023-29525

CVSS scores for CVE-2023-29525

CWE ids for CVE-2023-29525

References for CVE-2023-29525