CVE-2023-29526 - Vulnerability Details - OpenCVE

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to display or interact with any page a user cannot access through the combination of the async and display macros. A comment with either macro will be executed when viewed providing a code injection vector in the context of the running server. This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.3, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no known workarounds for this issue.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Xwiki	Xwiki

Configuration 1 [-]

OR	cpe:2.3:a:xwiki:xwiki::::::::
	cpe:2.3:a:xwiki:xwiki::::::::
	cpe:2.3:a:xwiki:xwiki::::::::

No data.

References

Link	Providers
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gpq5-7p34-vqx5
https://jira.xwiki.org/browse/XRENDERING-694
https://jira.xwiki.org/browse/XWIKI-20394

History

Wed, 05 Feb 2025 21:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-04-18T22:57:29.722Z

Updated: 2025-02-05T20:45:15.815Z

Reserved: 2023-04-07T18:56:54.629Z

Link: CVE-2023-29526

Vulnrichment

Updated: 2024-08-02T14:14:38.636Z

NVD

Status : Modified

Published: 2023-04-19T00:15:09.213

Modified: 2024-11-21T07:57:14.033

Link: CVE-2023-29526

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-29526", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-04-07T18:56:54.629Z", "datePublished": "2023-04-18T22:57:29.722Z", "dateUpdated": "2025-02-05T20:45:15.815Z"}, "containers": {"cna": {"title": "Async and display macro allow displaying and interacting with any document in restricted mode", "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "lang": "en", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gpq5-7p34-vqx5", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gpq5-7p34-vqx5"}, {"name": "https://jira.xwiki.org/browse/XRENDERING-694", "tags": ["x_refsource_MISC"], "url": "https://jira.xwiki.org/browse/XRENDERING-694"}, {"name": "https://jira.xwiki.org/browse/XWIKI-20394", "tags": ["x_refsource_MISC"], "url": "https://jira.xwiki.org/browse/XWIKI-20394"}], "affected": [{"vendor": "xwiki", "product": "xwiki-platform", "versions": [{"version": ">= 10.11.1, < 13.10.11", "status": "affected"}, {"version": ">= 14.0.0, < 14.4.8", "status": "affected"}, {"version": ">= 14.5.0, < 14.10.3", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-04-18T22:57:29.722Z"}, "descriptions": [{"lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to display or interact with any page a user cannot access through the combination of the async and display macros. A comment with either macro will be executed when viewed providing a code injection vector in the context of the running server. This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.3, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no known workarounds for this issue."}], "source": {"advisory": "GHSA-gpq5-7p34-vqx5", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:14:38.636Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gpq5-7p34-vqx5", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gpq5-7p34-vqx5"}, {"name": "https://jira.xwiki.org/browse/XRENDERING-694", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.xwiki.org/browse/XRENDERING-694"}, {"name": "https://jira.xwiki.org/browse/XWIKI-20394", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.xwiki.org/browse/XWIKI-20394"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-02-05T20:45:02.419524Z", "id": "CVE-2023-29526", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-05T20:45:15.815Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gpq5-7p34-vqx5", "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gpq5-7p34-vqx5", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://jira.xwiki.org/browse/XRENDERING-694", "name": "https://jira.xwiki.org/browse/XRENDERING-694", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://jira.xwiki.org/browse/XWIKI-20394", "name": "https://jira.xwiki.org/browse/XWIKI-20394", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T14:14:38.636Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-29526", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-02-05T20:45:02.419524Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-02-05T20:45:09.114Z"}}], "cna": {"title": "Async and display macro allow displaying and interacting with any document in restricted mode", "source": {"advisory": "GHSA-gpq5-7p34-vqx5", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "xwiki", "product": "xwiki-platform", "versions": [{"status": "affected", "version": ">= 10.11.1, < 13.10.11"}, {"status": "affected", "version": ">= 14.0.0, < 14.4.8"}, {"status": "affected", "version": ">= 14.5.0, < 14.10.3"}]}], "references": [{"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gpq5-7p34-vqx5", "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gpq5-7p34-vqx5", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://jira.xwiki.org/browse/XRENDERING-694", "name": "https://jira.xwiki.org/browse/XRENDERING-694", "tags": ["x_refsource_MISC"]}, {"url": "https://jira.xwiki.org/browse/XWIKI-20394", "name": "https://jira.xwiki.org/browse/XWIKI-20394", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to display or interact with any page a user cannot access through the combination of the async and display macros. A comment with either macro will be executed when viewed providing a code injection vector in the context of the running server. This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.3, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no known workarounds for this issue."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-04-18T22:57:29.722Z"}}}, "cveMetadata": {"cveId": "CVE-2023-29526", "state": "PUBLISHED", "dateUpdated": "2025-02-05T20:45:15.815Z", "dateReserved": "2023-04-07T18:56:54.629Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-04-18T22:57:29.722Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "F2A7D825-53C5-4260-81D6-E9F6C61C49BE", "versionEndExcluding": "13.10.11", "versionStartIncluding": "10.11.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "AD2B185D-F8A6-49EB-B485-744F234B8730", "versionEndExcluding": "14.4.8", "versionStartIncluding": "14.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "4472030C-B32C-42AD-B137-2FA730A29836", "versionEndExcluding": "14.10.3", "versionStartIncluding": "14.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible to display or interact with any page a user cannot access through the combination of the async and display macros. A comment with either macro will be executed when viewed providing a code injection vector in the context of the running server. This vulnerability has been patched in XWiki 15.0-rc-1, 14.10.3, 14.4.8, and 13.10.11. Users are advised to upgrade. There are no known workarounds for this issue."}], "id": "CVE-2023-29526", "lastModified": "2024-11-21T07:57:14.033", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-04-19T00:15:09.213", "references": [{"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gpq5-7p34-vqx5"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://jira.xwiki.org/browse/XRENDERING-694"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://jira.xwiki.org/browse/XWIKI-20394"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gpq5-7p34-vqx5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://jira.xwiki.org/browse/XRENDERING-694"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://jira.xwiki.org/browse/XWIKI-20394"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-74"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-74"}], "source": "nvd@nist.gov", "type": "Primary"}]}