CVE Vulnerability

CVE-2022-23617

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit right can copy the content of a page it does not have access to by using it as template of a new page. This issue has been patched in XWiki 13.2CR1 and 12.10.6. Users are advised to update. There are no known workarounds for this issue.

4 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

Scope

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/xwiki/xwiki-platform/commit/b35ef0edd4f2ff2c974cbeef6b80fcf9b5a44554 Patch Third Party Advisory
https://github.com/xwiki/xwiki-platform/commit/30c52b01559b8ef5ed1035dac7c34aaf805764d5 Patch Third Party Advisory
https://jira.xwiki.org/browse/XWIKI-18430 Patch Vendor Advisory
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gf7x-2j2x-7f73 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:xwiki:xwiki:13.0:*:*:*:*:*:*:*
cpe:2.3:a:xwiki:xwiki:13.1:-:*:*:*:*:*:*
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*
Information

Published : 2022-02-09 09:15

Updated : 2022-02-15 07:56

NVD link : CVE-2022-23617

Mitre link : CVE-2022-23617

Products Affected
No products.
CWE
CWE-862