CVE-2022-23618

Опубликовано: 09 фев. 2022

Источник: nvd

CVSS3: 4.7

CVSS3: 6.1

CVSS2: 5.8

EPSS Низкий

Описание

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is no protection against URL redirection to untrusted sites, in particular some well known parameters (xredirect) can be used to perform url redirections. This problem has been patched in XWiki 12.10.7 and XWiki 13.3RC1. Users are advised to update. There are no known workarounds for this issue.

Ссылки

https://github.com/xwiki/xwiki-platform/commit/5251c02080466bf9fb55288f04a37671108f8096
Patch
Third Party Advisory
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jp55-vvmf-63mv
Third Party Advisory
https://jira.xwiki.org/browse/XWIKI-10309
Patch
Vendor Advisory
https://github.com/xwiki/xwiki-platform/commit/5251c02080466bf9fb55288f04a37671108f8096
Patch
Third Party Advisory
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jp55-vvmf-63mv
Third Party Advisory
https://jira.xwiki.org/browse/XWIKI-10309
Patch
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*

Версия до 12.10.6 (включая)

cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*

Версия от 13.0 (включая) до 13.3 (включая)

EPSS

Процентиль: 51%

0.00281

Низкий

4.7 Medium

CVSS3

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601

Связанные уязвимости

GHSA-jp55-vvmf-63mv

CVSS3: 4.7

github

почти 4 года назад

URL Redirection to Untrusted Site ('Open Redirect')

EPSS

Процентиль: 51%

0.00281

Низкий

4.7 Medium

CVSS3

6.1 Medium

CVSS3

5.8 Medium

CVSS2

Дефекты

CWE-601