CVE-2022-41927 - Vulnerability Details - OpenCVE

XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It's possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: ``` #if (!$services.csrf.isTokenValid($request.get('form_token'))) #set ($discard = $response.sendError(401, "Wrong CSRF token")) #end ```

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Xwiki	Xwiki

Configuration 1 [-]

OR	cpe:2.3:a:xwiki:xwiki::::::::
	cpe:2.3:a:xwiki:xwiki:3.2:milestone2::::::
	cpe:2.3:a:xwiki:xwiki:3.2:milestone3::::::
	cpe:2.3:a:xwiki:xwiki:14.4:::::::*

No data.

References

Link	Providers
https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-11-23T00:00:00

Updated: 2024-08-03T12:56:38.542Z

Reserved: 2022-09-30T00:00:00

Link: CVE-2022-41927

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-11-23T19:15:12.563

Modified: 2024-11-21T07:24:05.200

Link: CVE-2022-41927

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-41927", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2024-08-03T12:56:38.542Z", "dateReserved": "2022-09-30T00:00:00", "datePublished": "2022-11-23T00:00:00"}, "containers": {"cna": {"title": "XWiki Platform vulnerable to Cross-Site Request Forgery (CSRF) allowing to delete or rename tags", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-11-23T00:00:00"}, "descriptions": [{"lang": "en", "value": "XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It's possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: ``` #if (!$services.csrf.isTokenValid($request.get('form_token'))) #set ($discard = $response.sendError(401, \"Wrong CSRF token\")) #end ```"}], "affected": [{"vendor": "xwiki", "product": "xwiki-platform", "versions": [{"version": ">= 3.2-milestone-2, < 13.10.7", "status": "affected"}, {"version": ">= 14.0.0, < 14.4.1", "status": "affected"}]}], "references": [{"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f"}, {"url": "https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352"}]}], "source": {"advisory": "GHSA-mq7h-5574-hw9f", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:56:38.542Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f", "tags": ["x_transferred"]}, {"url": "https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e", "tags": ["x_transferred"]}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAFB9FDB-DCD2-40D6-9190-BC8136D4B402", "versionEndExcluding": "13.10.7", "versionStartExcluding": "3.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:3.2:milestone2:*:*:*:*:*:*", "matchCriteriaId": "902E7F43-561F-4B89-B902-CDEB6E6C938B", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:3.2:milestone3:*:*:*:*:*:*", "matchCriteriaId": "CB7202B8-E057-446D-A56A-30ED1D5D350F", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:14.4:*:*:*:*:*:*:*", "matchCriteriaId": "26C528CB-800E-4D9E-9C90-CEE3D335B0FE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It's possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: ``` #if (!$services.csrf.isTokenValid($request.get('form_token'))) #set ($discard = $response.sendError(401, \"Wrong CSRF token\")) #end ```"}, {"lang": "es", "value": "XWiki Platform es vulnerable a la Cross-Site Request Forgery (CSRF), que puede permitir a los atacantes eliminar o cambiar el nombre de las etiquetas sin necesidad de confirmaci\u00f3n. El problema se solucion\u00f3 en XWiki 13.10.7, 14.4.1 y 14.5RC1. Workarounds: es posible parchear instancias existentes directamente editando la p\u00e1gina Main.Tags y agregando este tipo de verificaci\u00f3n en el c\u00f3digo para cambiar el nombre y eliminar: ``` #if (!$services.csrf.isTokenValid($request.get('form_token'))) #set ($discard = $response.sendError(401, \"Wrong CSRF token\")) #end ``` "}], "id": "CVE-2022-41927", "lastModified": "2024-11-21T07:24:05.200", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-23T19:15:12.563", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e"}, {"source": "security-advisories@github.com", "tags": ["Mitigation", "Patch", "Third Party Advisory"], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Patch", "Third Party Advisory"], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security-advisories@github.com", "type": "Secondary"}]}