CVE-2022-36093 – XWiki Platform Web Templates vulnerable to Unauthorized User Registration Through the Distribution Wizard
https://notcve.org/view.php?id=CVE-2022-36093
XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2 and 13.10.4, this can also be exploited on a private wiki, thus potentially giving the attacker access to the wiki. Depending on the configured default rights of users, this could also give attackers write access to an otherwise read-only public wiki. • https://github.com/xwiki/xwiki-platform/commit/70c64c23f4404f33289458df2a08f7c4be022755 https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h5j3-5x63-p8jv https://jira.xwiki.org/browse/XWIKI-19558 • CWE-287: Improper Authentication CWE-288: Authentication Bypass Using an Alternate Path or Channel •
CVE-2022-36092 – XWiki Platform Old Core vulnerable to Authentication Bypass Using the Login Action
https://notcve.org/view.php?id=CVE-2022-36092
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 14.2 and 13.10.4, all rights checks that would normally prevent a user from viewing a document on a wiki can be bypassed using the login action and directly specified templates. This exposes title, content and comments of any document and properties of objects, though class and property name must be known. This is also exploitable on private wikis. This has been patched in versions 14.2 and 13.10.4 by properly checking view rights before loading documents and disallowing non-default templates in the login, registration and skin action. • https://github.com/xwiki/xwiki-platform/commit/71a6d0bb6f8ab718fcfaae0e9b8c16c2d69cd4bb https://github.com/xwiki/xwiki-platform/commit/9b7057d57a941592d763992d4299456300918208 https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8h89-34w2-jpfm https://jira.xwiki.org/browse/XWIKI-18602 https://jira.xwiki.org/browse/XWIKI-19549 • CWE-287: Improper Authentication •
CVE-2022-36091 – XWiki Platform Web Templates vulnerable to Missing Authorization and Exposure of Private Personal Information to an Unauthorized Actor
https://notcve.org/view.php?id=CVE-2022-36091
XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. Through the suggestion feature, string and list properties of objects the user shouldn't have access to can be accessed in versions prior to 13.10.4 and 14.2. This includes private personal information like email addresses and salted password hashes of registered users but also other information stored in properties of objects. Sensitive configuration fields like passwords for LDAP or SMTP servers could be accessed. By exploiting an additional vulnerability, this issue can even be exploited on private wikis at least for string properties. • https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-599v-w48h-rjrm https://jira.xwiki.org/browse/XWIKI-18849 • CWE-359: Exposure of Private Personal Information to an Unauthorized Actor CWE-862: Missing Authorization •
CVE-2022-31166 – XWiki.WebHome vulnerable to Improper Privilege Management in XWiki resolving groups
https://notcve.org/view.php?id=CVE-2022-31166
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Starting in versions 11.3.7, 11.0.3, and 12.0RC1, it is possible to exploit a bug in XWikiRights resolution of groups to obtain privilege escalation. More specifically, editing a right with the object editor leads to adding a supplementary empty value to groups which is then resolved as a reference to XWiki.WebHome page. Adding an XWikiGroup xobject to that page then transforms it to a group, any user put in that group would then obtain the privileges related to the edited right. Note that this security issue is normally mitigated by the fact that XWiki.WebHome (and XWiki space in general) should be protected by default for edit rights. • https://github.com/xwiki/xwiki-platform/pull/1800 https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g4h6-qp44-wqvx https://jira.xwiki.org/browse/XWIKI-15776 https://jira.xwiki.org/browse/XWIKI-18386 • CWE-269: Improper Privilege Management •
CVE-2022-29161 – Crypto script service uses hashing algorithm SHA1 with RSA for certificate signature in xwiki-platform
https://notcve.org/view.php?id=CVE-2022-29161
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The XWiki Crypto API will generate X509 certificates signed by default using SHA1 with RSA, which is not considered safe anymore for use in certificate signatures, due to the risk of collisions with SHA1. The problem has been patched in XWiki version 13.10.6, 14.3.1 and 14.4-rc-1. Since then, the Crypto API will generate X509 certificates signed by default using SHA256 with RSA. Administrators are advised to upgrade their XWiki installation to one of the patched versions. • https://github.com/xwiki/xwiki-platform/commit/26728f3f23658288683667a5182a916c7ecefc52 https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-h8v5-p258-pqf4 https://jira.xwiki.org/browse/XWIKI-19676 • CWE-326: Inadequate Encryption Strength CWE-327: Use of a Broken or Risky Cryptographic Algorithm •