Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-29204

XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as `//mydomain.com` (i.e. omitting the `http:`). It was also possible to bypass it when using URL such as `http:/mydomain.com`. The problem has been patched on XWiki 13.10.10, 14.4.4 and 14.8RC1.

Published

2023-04-15T16:15:07.147

Last Modified

2024-11-21T07:56:42.630

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-601

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	xwiki	xwiki	< 13.10.10	Yes
Application	xwiki	xwiki	< 14.4.4	Yes
Application	xwiki	xwiki	≤ 14.7	Yes
Application	xwiki	xwiki	6.0	Yes

References

https://github.com/xwiki/xwiki-platform/commit/e4f7f68e93cb08c25632c126356d218abf192d1e#diff-c445f288d5d63424f56ef13f65514ab4e174a72e979b53b88197c2b7def267cf Patch ([email protected])
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xwph-x6xj-wggv Exploit, Patch, Vendor Advisory ([email protected])
https://jira.xwiki.org/browse/XWIKI-10309 Exploit, Issue Tracking ([email protected])
https://jira.xwiki.org/browse/XWIKI-19994 Exploit, Issue Tracking ([email protected])
https://github.com/xwiki/xwiki-platform/commit/e4f7f68e93cb08c25632c126356d218abf192d1e#diff-c445f288d5d63424f56ef13f65514ab4e174a72e979b53b88197c2b7def267cf Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xwph-x6xj-wggv Exploit, Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://jira.xwiki.org/browse/XWIKI-10309 Exploit, Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://jira.xwiki.org/browse/XWIKI-19994 Exploit, Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)