GHSA-rj7p-xjv7-7229

Опубликовано: 08 янв. 2024

Источник: github

Github: Прошло ревью

CVSS3: 10

Описание

XWiki Remote Code Execution Vulnerability via User Registration

Impact

XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user registration enabled for guests.

To reproduce, register with any username and password and the following payload as "first name": ]]{{/html}}{{async}}{{groovy}}services.logging.getLogger("attacker").error("Attack succeeded){{/groovy}}{{/async}}. In the following page that confirms the success of the registration, the full first name should be displayed, linking to the created user. If the formatting is broken and a log message with content "ERROR attacker - Attack succeeded!" is logged, the attack succeeded.

Patches

This vulnerability has been patched in XWiki 14.10.17, 15.5.3 and 15.8 RC1.

Workarounds

In the administration of your wiki, under "Users & Rights" > "Registration" set the "Registration Successful Message" to the following code:

#set($message = $services.localization.render('core.register.successful', 'xwiki/2.1', ['USERLINK', $userName])) #set($userLink = $xwiki.getUserName("$userSpace$userName")) {{info}}$message.replace('USERLINK', "{{html clean=false}}$userLink{{/html}}"){{/info}}

References

Ссылки

Пакеты

Наименование

org.xwiki.platform:xwiki-platform-administration-ui

maven

Затронутые версииВерсия исправления

>= 2.2, < 14.10.17

14.10.17

Наименование

org.xwiki.platform:xwiki-platform-administration-ui

maven

Затронутые версииВерсия исправления

>= 15.0-rc-1, < 15.5.3

15.5.3

Наименование

org.xwiki.platform:xwiki-platform-administration-ui

maven

Затронутые версииВерсия исправления

>= 15.6-rc-1, < 15.8-rc-1

15.8-rc-1

EPSS

Процентиль: 100%

0.92865

Критический

10 Critical

CVSS3

CVE ID

CVE-2024-21650

Дефекты

CWE-94

CWE-95

Связанные уязвимости

CVE-2024-21650

CVSS3: 10

nvd

около 2 лет назад

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki is vulnerable to a remote code execution (RCE) attack through its user registration feature. This issue allows an attacker to execute arbitrary code by crafting malicious payloads in the "first name" or "last name" fields during user registration. This impacts all installations that have user registration enabled for guests. This vulnerability has been patched in XWiki 14.10.17, 15.5.3 and 15.8 RC1.

BDU:2024-00970

CVSS3: 9.8

fstec

около 2 лет назад

Уязвимость функции регистрации пользователей платформы создания совместных веб-приложений XWiki Platform XWiki, позволяющая нарушителю выполнить произвольный код

EPSS

Процентиль: 100%

0.92865

Критический

10 Critical

CVSS3

CVE ID

CVE-2024-21650

Дефекты

CWE-94

CWE-95