CVE-2023-26478

Опубликовано: 02 мар. 2023

Источник: nvd

CVSS3: 6.6

CVSS3: 8.1

EPSS Низкий

Описание

XWiki Platform is a generic wiki platform. Starting in version 14.3-rc-1, org.xwiki.store.script.TemporaryAttachmentsScriptService#uploadTemporaryAttachment returns an instance of com.xpn.xwiki.doc.XWikiAttachment. This class is not supported to be exposed to users without the programing right. com.xpn.xwiki.api.Attachment should be used instead and takes case of checking the user's rights before performing dangerous operations. This has been patched in versions 14.9-rc-1 and 14.4.6. There are no known workarounds for this issue.

Ссылки

https://github.com/xwiki/xwiki-platform/commit/3c73c59e39b6436b1074d8834cf276916010014d
Patch
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8692-g6g9-gm5p
Vendor Advisory
https://jira.xwiki.org/browse/XWIKI-20180
Exploit
Issue Tracking
Vendor Advisory
https://github.com/xwiki/xwiki-platform/commit/3c73c59e39b6436b1074d8834cf276916010014d
Patch
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8692-g6g9-gm5p
Vendor Advisory
https://jira.xwiki.org/browse/XWIKI-20180
Exploit
Issue Tracking
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*

Версия от 14.3 (включая) до 14.4.6 (исключая)

cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*

Версия от 14.5 (включая) до 14.9 (исключая)

EPSS

Процентиль: 60%

0.0039

Низкий

6.6 Medium

CVSS3

8.1 High

CVSS3

Дефекты

CWE-749

NVD-CWE-Other

Связанные уязвимости

GHSA-8692-g6g9-gm5p

CVSS3: 6.6

github

почти 3 года назад

xwiki contains Exposed Dangerous Method or Function

EPSS

Процентиль: 60%

0.0039

Низкий

6.6 Medium

CVSS3

8.1 High

CVSS3

Дефекты

CWE-749

NVD-CWE-Other