CVE-2022-36100
XWiki Platform Applications Tag and XWiki Platform Tag UI vulnerable to Eval Injection
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
2Exploited in Wild
-Decision
Descriptions
XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document `Main.Tags` in XWiki didn't sanitize user inputs properly. This allowed users with view rights on the document (default in a public wiki or for authenticated users on private wikis) to execute arbitrary Groovy, Python and Velocity code with programming rights. This also allowed bypassing all rights checks and thus both modification and disclosure of all content stored in the XWiki installation. The vulnerability could be used to impact the availability of the wiki. On XWiki versions before 13.10.4 and 14.2, this can be combined with CVE-2022-36092, meaning that no rights are required to perform the attack. The vulnerability has been patched in versions 13.10.6 and 14.4. As a workaround, the patch that fixes the issue can be manually applied to the document `Main.Tags` or the updated version of that document can be imported from version 14.4 of xwiki-platform-tag-ui using the import feature in the administration UI on XWiki 10.9 and later.
XWiki Platform Applications Tag y XWiki Platform Tag UI son aplicaciones de etiquetas para XWiki, una plataforma wiki genérica. A partir de la versión 1.7 en XWiki Platform Applications Tag y anteriores a 13.10.6 y 14.4 en XWiki Platform Tag UI, el documento de etiquetas "Main.Tags" en XWiki no saneaba apropiadamente las entradas del usuario. Esto permitió a usuarios con derechos de visualización en el documento (predeterminado en un wiki público o para usuarios autenticados en wikis privados) ejecutar código Groovy, Python y Velocity arbitrario con derechos de programación. Esto también permitió omitir todas las verificaciones de derechos y, por lo tanto, la modificación y divulgación de todo el contenido almacenado en la instalación de XWiki. La vulnerabilidad podría usarse para afectar la disponibilidad de la wiki. En XWiki versiones anteriores a 13.10.4 y la 14.2, esto puede combinarse con CVE-2022-36092, lo que significa que no son requeridos derechos para realizar el ataque. La vulnerabilidad ha sido parcheada en versiones 13.10.6 y 14.4. Como mitigación, el parche que corrige el problema puede aplicarse manualmente al documento "Main.Tags" o la versión actualizada de ese documento puede importarse desde la versión 14.4 de xwiki-platform-tag-ui usando la funcionalidad import en la Interfaz de Usuario de administración en XWiki versión 10.9 y posterior
CVSS Scores
SSVC
- Decision:-
Timeline
- 2022-07-15 CVE Reserved
- 2022-09-08 CVE Published
- 2024-04-29 EPSS Updated
- 2024-08-03 CVE Updated
- 2024-08-03 First Exploit
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-94: Improper Control of Generation of Code ('Code Injection')
- CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
- CWE-116: Improper Encoding or Escaping of Output
CAPEC
References (3)
URL | Tag | Source |
---|
URL | Date | SRC |
---|---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2g5c-228j-p52x | 2024-08-03 | |
https://jira.xwiki.org/browse/XWIKI-19747 | 2024-08-03 |
URL | Date | SRC |
---|---|---|
https://github.com/xwiki/xwiki-platform/commit/604868033ebd191cf2d1e94db336f0c4d9096427 | 2023-06-27 |
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Xwiki Search vendor "Xwiki" | Xwiki Search vendor "Xwiki" for product "Xwiki" | >= 1.7 < 13.10.6 Search vendor "Xwiki" for product "Xwiki" and version " >= 1.7 < 13.10.6" | - |
Affected
| ||||||
Xwiki Search vendor "Xwiki" | Xwiki Search vendor "Xwiki" for product "Xwiki" | >= 14.0 < 14.4 Search vendor "Xwiki" for product "Xwiki" and version " >= 14.0 < 14.4" | - |
Affected
|