// For flags

CVE-2023-50721

XWiki Platform RCE from account through SearchAdmin

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search administration interface doesn't properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax containing script macros including Groovy macros that allow remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki instance. This attack can be executed by any user who can edit some wiki page like the user's profile (editable by default) as user interface extensions that will be displayed in the search administration can be added on any document by any user. The necessary escaping has been added in XWiki 14.10.15, 15.5.2 and 15.7RC1. As a workaround, the patch can be applied manually applied to the page `XWiki.SearchAdmin`.

XWiki Platform es una plataforma wiki genérica. A partir de 4.5-rc-1 y anteriores a las versiones 14.10.15, 15.5.2 y 15.7-rc-1, la interfaz de administración de búsqueda no escapa correctamente a la identificación y la etiqueta de las extensiones de la interfaz de usuario de búsqueda, lo que permite la inyección de XWiki. sintaxis que contiene macros de script, incluidas macros Groovy que permiten la ejecución remota de código, lo que afecta la confidencialidad, integridad y disponibilidad de toda la instancia de XWiki. Este ataque puede ser ejecutado por cualquier usuario que pueda editar alguna página wiki como el perfil del usuario (editable de forma predeterminada), ya que cualquier usuario puede agregar extensiones de interfaz de usuario que se mostrarán en la administración de búsqueda en cualquier documento. El escape necesario se agregó en XWiki 14.10.15, 15.5.2 y 15.7RC1. Como workaround, el parche se puede aplicar manualmente a la página `XWiki.SearchAdmin`.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2023-12-11 CVE Reserved
  • 2023-12-15 CVE Published
  • 2023-12-20 EPSS Updated
  • 2024-08-02 CVE Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
  • ---------- First Exploit
CWE
  • CWE-94: Improper Control of Generation of Code ('Code Injection')
  • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')
CAPEC
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Xwiki
Search vendor "Xwiki"
 Xwiki
Search vendor "Xwiki" for product "Xwiki"
 >= 4.5 < 14.10.5
Search vendor "Xwiki" for product "Xwiki" and version " >= 4.5 < 14.10.5"
-
Affected
Xwiki
Search vendor "Xwiki"
 Xwiki
Search vendor "Xwiki" for product "Xwiki"
 >= 15.0 < 15.5.2
Search vendor "Xwiki" for product "Xwiki" and version " >= 15.0 < 15.5.2"
-
Affected
Xwiki
Search vendor "Xwiki"
 Xwiki
Search vendor "Xwiki" for product "Xwiki"
 15.6
Search vendor "Xwiki" for product "Xwiki" and version "15.6"
-
Affected
Xwiki
Search vendor "Xwiki"
 Xwiki
Search vendor "Xwiki" for product "Xwiki"
 15.6
Search vendor "Xwiki" for product "Xwiki" and version "15.6"
rc1
Affected
Xwiki
Search vendor "Xwiki"
 Xwiki
Search vendor "Xwiki" for product "Xwiki"
 15.7
Search vendor "Xwiki" for product "Xwiki" and version "15.7"
rc1
Affected