CVE-2022-39387
XWiki OIDC Authenticator vulnerable to OpenID login bypass due to improper authentication
Descriptions
XWiki OIDC provides various tools for handling the OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to supply the details of a third-party provider through request parameters. One can then bypass XWiki authentication altogether by specifying one's own provider through the oidc.endpoint.* request parameters (or by using an XWiki-based OpenID provider via oidc.xwikiprovider). With the same approach, one could also supply a specific group mapping through oidc.groups.mapping that would make one's user automatically a member of XWikiAdminGroup. This issue has been patched in version 1.29.1; please upgrade. There is no workaround; an upgrade of the authenticator is required.
Timeline
- 2022-09-02 CVE Reserved
- 2022-11-04 CVE Published
- 2024-05-27 EPSS Updated
- 2024-08-03 CVE Updated
CWE
- CWE-287: Improper Authentication
References (3)
URL | Tag | Date
---|---|---
https://github.com/xwiki-contrib/oidc/security/advisories/GHSA-m7gv-v8xx-v47w | Third Party Advisory | -
https://github.com/xwiki-contrib/oidc/commit/0247af1417925b9734ab106ad7cd934ee870ac89 | - | 2022-11-07
https://jira.xwiki.org/browse/OIDC-118 | - | 2022-11-07
Affected Vendors, Products, and Versions
Vendor | Product | Version | Status
---|---|---|---
Xwiki | Openid Connect | < 1.29.1 | Affected