CVSS: 7.5EPSS: 38%CPEs: 4EXPL: 0CVE-2023-48241 – XWiki exposed whole content of all documents of all wikis to anybody with view right on Solr suggest service
https://notcve.org/view.php?id=CVE-2023-48241
XWiki Platform is a generic wiki platform. Starting in version 6.3-milestone-2 and prior to versions 14.10.15, 15.5.1, and 15.6RC1, the Solr-based search suggestion provider that also duplicates as generic JavaScript API for search results in XWiki exposes the content of all documents of all wikis to anybody who has access to it, by default it is public. This exposes all information stored in the wiki (but not some protected information like password hashes). While there is a right check normally, the right check can be circumvented by explicitly requesting fields from Solr that don't include the data for the right check. This has been fixed in XWiki 15.6RC1, 15.5.1 and 14.10.15 by not listing documents whose rights cannot be checked. • https://github.com/xwiki/xwiki-platform/commit/93b8ec702d7075f0f5794bb05dfb651382596764 https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7fqr-97j7-jgf4 https://jira.xwiki.org/browse/XWIKI-21138 • CWE-285: Improper Authorization •
CVSS: 9.0EPSS: 0%CPEs: 3EXPL: 0CVE-2023-48240 – XWiki Platform sends cookies to external images in rendered diff and is vulnerable to server side request forgery
https://notcve.org/view.php?id=CVE-2023-48240
XWiki Platform is a generic wiki platform. The rendered diff in XWiki embeds images to be able to compare the contents and not display a difference for an actually unchanged image. For this, XWiki requests all embedded images on the server side. These requests are also sent for images from other domains and include all cookies that were sent in the original request to ensure that images with restricted view right can be compared. Starting in version 11.10.1 and prior to versions 14.10.15, 15.5.1, and 15.6, this allows an attacker to steal login and session cookies that allow impersonating the current user who views the diff. • https://github.com/xwiki/xwiki-platform/commit/bff0203e739b6e3eb90af5736f04278c73c2a8bb https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7rfg-6273-f5wp https://jira.xwiki.org/browse/XWIKI-20818 • CWE-201: Insertion of Sensitive Information Into Sent Data CWE-281: Improper Preservation of Permissions CWE-918: Server-Side Request Forgery (SSRF) •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 1CVE-2023-46743 – The same file cannot be opened with different rights
https://notcve.org/view.php?id=CVE-2023-46743
application-collabora is an integration of Collabora Online in XWiki. As part of the application use cases, depending on the rights that a user has over a document, they should be able to open the office attachments files in view or edit mode. Currently, if a user opens an attachment file in edit mode in collabora, this right will be preserved for all future users, until the editing session is closes, even if some of them have only view right. Collabora server is the one issuing this request and it seems that the `userCanWrite` query parameter is cached, even if, for example, token is not. This issue has been patched in version 1.3. application-collabora es una integración de Collabora Online en XWiki. • https://github.com/xwikisas/application-collabora/security/advisories/GHSA-mvq3-xxg2-rj57 • CWE-276: Incorrect Default Permissions •
CVSS: 9.9EPSS: 0%CPEs: 2EXPL: 0CVE-2023-46243 – Code execution via the edit action in XWiki platform
https://notcve.org/view.php?id=CVE-2023-46243
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for a user to execute any content with the right of an existing document's content author, provided the user have edit right on it. A crafted URL of the form ` /xwiki/bin/edit//?content=%7B%7Bgroovy%7D%7Dprintln%28%22Hello+from+Groovy%21%22%29%7B%7B%2Fgroovy%7D%7D&xpage=view` can be used to execute arbitrary groovy code on the server. This vulnerability has been patched in XWiki versions 14.10.6 and 15.2RC1. • https://github.com/xwiki/xwiki-platform/commit/a0e6ca083b36be6f183b9af33ae735c1e02010f4 https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g2qq-c5j9-5w5w https://jira.xwiki.org/browse/XWIKI-20385 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.6EPSS: 0%CPEs: 2EXPL: 0CVE-2023-46242 – Code injection in XWiki Platform
https://notcve.org/view.php?id=CVE-2023-46242
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to execute a content with the right of any user via a crafted URL. A user must have `programming` privileges in order to exploit this vulnerability. This issue has been patched in XWiki 14.10.7 and 15.2RC1. Users are advised to upgrade. • https://github.com/xwiki/xwiki-platform/commit/cf8eb861998ea423c3645d2e5e974420b0e882be https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-hgpw-6p4h-j6h5 https://jira.xwiki.org/browse/XWIKI-20386 • CWE-94: Improper Control of Generation of Code ('Code Injection') CWE-352: Cross-Site Request Forgery (CSRF) •