Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-46242

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to execute a content with the right of any user via a crafted URL. A user must have `programming` privileges in order to exploit this vulnerability. This issue has been patched in XWiki 14.10.7 and 15.2RC1. Users are advised to upgrade. There are no known workarounds for for this vulnerability.

Published

2023-11-07T19:15:10.163

Last Modified

2024-11-21T08:28:09.033

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 9.6 (CRITICAL)

Weaknesses

Type: Secondary
CWE-94
Type: Primary
CWE-352

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	xwiki	xwiki	< 14.10.7	Yes
Application	xwiki	xwiki	< 15.2	Yes

References

https://github.com/xwiki/xwiki-platform/commit/cf8eb861998ea423c3645d2e5e974420b0e882be Patch ([email protected])
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hgpw-6p4h-j6h5 Patch, Vendor Advisory ([email protected])
https://jira.xwiki.org/browse/XWIKI-20386 Issue Tracking, Vendor Advisory ([email protected])
https://github.com/xwiki/xwiki-platform/commit/cf8eb861998ea423c3645d2e5e974420b0e882be Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hgpw-6p4h-j6h5 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://jira.xwiki.org/browse/XWIKI-20386 Issue Tracking, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)