CVE-2023-40572 - OpenCVE

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality, integrity and availability of the whole XWiki installation. When a user with script right views this image and a log message `ERROR foo - Script executed!` appears in the log, the XWiki installation is vulnerable. This has been patched in XWiki 14.10.9 and 15.4RC1 by requiring a CSRF token for the actual page creation.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Xwiki	Xwiki

Configuration 1 [-]

OR	cpe:2.3:a:xwiki:xwiki::::::::
	cpe:2.3:a:xwiki:xwiki:15.0:-::::::
	cpe:2.3:a:xwiki:xwiki:15.0:rc1::::::
	cpe:2.3:a:xwiki:xwiki:15.1:-::::::
	cpe:2.3:a:xwiki:xwiki:15.1:rc1::::::
	cpe:2.3:a:xwiki:xwiki:15.2:-::::::
	cpe:2.3:a:xwiki:xwiki:15.2:rc1::::::
	cpe:2.3:a:xwiki:xwiki:15.3:-::::::
	cpe:2.3:a:xwiki:xwiki:15.3:rc1::::::

No data.

References

Link	Providers
https://github.com/xwiki/xwiki-platform/commit/4b20528808d0c311290b0d9ab2cfc44063380ef7
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4f8m-7h83-9f6m
https://jira.xwiki.org/browse/XWIKI-20849

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-08-24T01:15:33.272Z

Updated: 2024-08-02T18:38:51.000Z

Reserved: 2023-08-16T18:24:02.390Z

Link: CVE-2023-40572

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2023-08-24T02:15:09.643

Modified: 2023-09-01T17:07:35.057

Link: CVE-2023-40572

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-40572", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-08-16T18:24:02.390Z", "datePublished": "2023-08-24T01:15:33.272Z", "dateUpdated": "2024-08-02T18:38:51.000Z"}, "containers": {"cna": {"title": "XWiki Platform vulnerable to CSRF privilege escalation/RCE via the create action", "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "lang": "en", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4f8m-7h83-9f6m", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4f8m-7h83-9f6m"}, {"name": "https://github.com/xwiki/xwiki-platform/commit/4b20528808d0c311290b0d9ab2cfc44063380ef7", "tags": ["x_refsource_MISC"], "url": "https://github.com/xwiki/xwiki-platform/commit/4b20528808d0c311290b0d9ab2cfc44063380ef7"}, {"name": "https://jira.xwiki.org/browse/XWIKI-20849", "tags": ["x_refsource_MISC"], "url": "https://jira.xwiki.org/browse/XWIKI-20849"}], "affected": [{"vendor": "xwiki", "product": "xwiki-platform", "versions": [{"version": ">= 3.2-milestone-3, < 14.10.9", "status": "affected"}, {"version": ">= 15.0-rc-1, < 15.4-rc-1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-08-24T01:15:33.272Z"}, "descriptions": [{"lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality, integrity and availability of the whole XWiki installation. When a user with script right views this image and a log message `ERROR foo - Script executed!` appears in the log, the XWiki installation is vulnerable. This has been patched in XWiki 14.10.9 and 15.4RC1 by requiring a CSRF token for the actual page creation."}], "source": {"advisory": "GHSA-4f8m-7h83-9f6m", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:38:51.000Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4f8m-7h83-9f6m", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4f8m-7h83-9f6m"}, {"name": "https://github.com/xwiki/xwiki-platform/commit/4b20528808d0c311290b0d9ab2cfc44063380ef7", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/xwiki/xwiki-platform/commit/4b20528808d0c311290b0d9ab2cfc44063380ef7"}, {"name": "https://jira.xwiki.org/browse/XWIKI-20849", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.xwiki.org/browse/XWIKI-20849"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "11425A73-EEF4-4856-832E-B60154EC09EE", "versionEndExcluding": "14.10.9", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:15.0:-:*:*:*:*:*:*", "matchCriteriaId": "99329652-2907-4903-AAB1-1038F225C020", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:15.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "88E41345-F81E-401A-BD67-66AF4B3925D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:15.1:-:*:*:*:*:*:*", "matchCriteriaId": "5D121BDB-D7C5-4B79-A904-3C4A76F38E6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:15.1:rc1:*:*:*:*:*:*", "matchCriteriaId": "67322CAC-1F17-4453-BC7F-4262E436E307", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:15.2:-:*:*:*:*:*:*", "matchCriteriaId": "047E048F-AB46-41FD-A074-2EC1D036DC92", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:15.2:rc1:*:*:*:*:*:*", "matchCriteriaId": "355FF62B-1086-4F15-8CBC-33906F4A3589", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:15.3:-:*:*:*:*:*:*", "matchCriteriaId": "D64558D4-26CC-44ED-9DDC-56979E569DA9", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:15.3:rc1:*:*:*:*:*:*", "matchCriteriaId": "82B5066C-4F5D-4F7F-9EE3-9A926321F16A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The create action is vulnerable to a CSRF attack, allowing script and thus remote code execution when targeting a user with script/programming right, thus compromising the confidentiality, integrity and availability of the whole XWiki installation. When a user with script right views this image and a log message `ERROR foo - Script executed!` appears in the log, the XWiki installation is vulnerable. This has been patched in XWiki 14.10.9 and 15.4RC1 by requiring a CSRF token for the actual page creation."}], "id": "CVE-2023-40572", "lastModified": "2023-09-01T17:07:35.057", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-08-24T02:15:09.643", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/xwiki/xwiki-platform/commit/4b20528808d0c311290b0d9ab2cfc44063380ef7"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4f8m-7h83-9f6m"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Issue Tracking", "Vendor Advisory"], "url": "https://jira.xwiki.org/browse/XWIKI-20849"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security-advisories@github.com", "type": "Primary"}]}