Description
XWiki Commons are technical libraries common to several other top-level XWiki projects. The Document script API directly returns a DocumentAuthors object that allows setting any author on the document, which can in turn allow subsequent script executions, since this author is used for checking rights. The problem has been patched in XWiki 14.10 and 14.4.7 by returning a safe script API.
References
- Patch
- Vendor Advisory
- Issue Tracking
- Patch
- Vendor Advisory
- Issue Tracking
- Issue Tracking
Vulnerable configurations
Configuration 1
Version from 14.4.1 (inclusive) to 14.4.7 (exclusive)
One of
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
cpe:2.3:a:xwiki:xwiki:14.10:rc1:*:*:*:*:*:*
EPSS
Percentile: 76%
0.00991
Low
CVSS3: 9.1 Critical
CVSS3: 7.2 High
Weaknesses
CWE-648
NVD-CWE-Other
Related vulnerabilities
CVSS3: 9.1
github
almost 3 years ago
org.xwiki.platform:xwiki-platform-oldcore makes Incorrect Use of Privileged APIs with DocumentAuthors