cvelistv5 - CVE-2022-41927

CVE-2022-41927 (GCVE-0-2022-41927)

Vulnerability from cvelistv5 – Published: 2022-11-23 00:00 – Updated: 2025-04-23 16:35

Summary

XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It's possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: ``` #if (!$services.csrf.isTokenValid($request.get('form_token'))) #set ($discard = $response.sendError(401, "Wrong CSRF token")) #end ```

Severity ?

7.4 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

CWE

CWE-352 - Cross-Site Request Forgery (CSRF)

Assigner

GitHub_M

References

URL

Tags

	https://github.com/xwiki/xwiki-platform/security/…
	https://github.com/xwiki/xwiki-platform/commit/7f…

Impacted products

	Vendor	Product	Version
	xwiki	xwiki-platform	Affected: >= 3.2-milestone-2, < 13.10.7 Affected: >= 14.0.0, < 14.4.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:56:38.542Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-41927",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-23T13:54:05.395668Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-23T16:35:31.577Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xwiki-platform",
          "vendor": "xwiki",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 3.2-milestone-2, \u003c 13.10.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 14.0.0, \u003c 14.4.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It\u0027s possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: ``` #if (!$services.csrf.isTokenValid($request.get(\u0027form_token\u0027))) #set ($discard = $response.sendError(401, \"Wrong CSRF token\")) #end ```"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-352",
              "description": "CWE-352: Cross-Site Request Forgery (CSRF)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-23T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f"
        },
        {
          "url": "https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e"
        }
      ],
      "source": {
        "advisory": "GHSA-mq7h-5574-hw9f",
        "discovery": "UNKNOWN"
      },
      "title": "XWiki Platform vulnerable to Cross-Site Request Forgery (CSRF) allowing to delete or rename tags"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-41927",
    "datePublished": "2022-11-23T00:00:00.000Z",
    "dateReserved": "2022-09-30T00:00:00.000Z",
    "dateUpdated": "2025-04-23T16:35:31.577Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*\", \"versionStartExcluding\": \"3.2\", \"versionEndExcluding\": \"13.10.7\", \"matchCriteriaId\": \"EAFB9FDB-DCD2-40D6-9190-BC8136D4B402\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xwiki:xwiki:3.2:milestone2:*:*:*:*:*:*\", \"matchCriteriaId\": \"902E7F43-561F-4B89-B902-CDEB6E6C938B\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xwiki:xwiki:3.2:milestone3:*:*:*:*:*:*\", \"matchCriteriaId\": \"CB7202B8-E057-446D-A56A-30ED1D5D350F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xwiki:xwiki:14.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"26C528CB-800E-4D9E-9C90-CEE3D335B0FE\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It\u0027s possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: ``` #if (!$services.csrf.isTokenValid($request.get(\u0027form_token\u0027))) #set ($discard = $response.sendError(401, \\\"Wrong CSRF token\\\")) #end ```\"}, {\"lang\": \"es\", \"value\": \"XWiki Platform es vulnerable a la Cross-Site Request Forgery (CSRF), que puede permitir a los atacantes eliminar o cambiar el nombre de las etiquetas sin necesidad de confirmaci\\u00f3n. El problema se solucion\\u00f3 en XWiki 13.10.7, 14.4.1 y 14.5RC1. Workarounds: es posible parchear instancias existentes directamente editando la p\\u00e1gina Main.Tags y agregando este tipo de verificaci\\u00f3n en el c\\u00f3digo para cambiar el nombre y eliminar: ``` #if (!$services.csrf.isTokenValid($request.get(\u0027form_token\u0027))) #set ($discard = $response.sendError(401, \\\"Wrong CSRF token\\\")) #end ``` \"}]",
      "id": "CVE-2022-41927",
      "lastModified": "2024-11-21T07:24:05.200",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 4.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N\", \"baseScore\": 7.4, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 4.0}]}",
      "published": "2022-11-23T19:15:12.563",
      "references": "[{\"url\": \"https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Mitigation\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mitigation\", \"Patch\", \"Third Party Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-352\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-41927\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-11-23T19:15:12.563\",\"lastModified\":\"2024-11-21T07:24:05.200\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It\u0027s possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: ``` #if (!$services.csrf.isTokenValid($request.get(\u0027form_token\u0027))) #set ($discard = $response.sendError(401, \\\"Wrong CSRF token\\\")) #end ```\"},{\"lang\":\"es\",\"value\":\"XWiki Platform es vulnerable a la Cross-Site Request Forgery (CSRF), que puede permitir a los atacantes eliminar o cambiar el nombre de las etiquetas sin necesidad de confirmaci\u00f3n. El problema se solucion\u00f3 en XWiki 13.10.7, 14.4.1 y 14.5RC1. Workarounds: es posible parchear instancias existentes directamente editando la p\u00e1gina Main.Tags y agregando este tipo de verificaci\u00f3n en el c\u00f3digo para cambiar el nombre y eliminar: ``` #if (!$services.csrf.isTokenValid($request.get(\u0027form_token\u0027))) #set ($discard = $response.sendError(401, \\\"Wrong CSRF token\\\")) #end ``` \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":4.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N\",\"baseScore\":7.4,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.8,\"impactScore\":4.0}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-352\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*\",\"versionStartExcluding\":\"3.2\",\"versionEndExcluding\":\"13.10.7\",\"matchCriteriaId\":\"EAFB9FDB-DCD2-40D6-9190-BC8136D4B402\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:3.2:milestone2:*:*:*:*:*:*\",\"matchCriteriaId\":\"902E7F43-561F-4B89-B902-CDEB6E6C938B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:3.2:milestone3:*:*:*:*:*:*\",\"matchCriteriaId\":\"CB7202B8-E057-446D-A56A-30ED1D5D350F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:14.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"26C528CB-800E-4D9E-9C90-CEE3D335B0FE\"}]}]}],\"references\":[{\"url\":\"https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Mitigation\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mitigation\",\"Patch\",\"Third Party Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T12:56:38.542Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-41927\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-23T13:54:05.395668Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-23T13:54:06.626Z\"}}], \"cna\": {\"title\": \"XWiki Platform vulnerable to Cross-Site Request Forgery (CSRF) allowing to delete or rename tags\", \"source\": {\"advisory\": \"GHSA-mq7h-5574-hw9f\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 7.4, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"NONE\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}], \"affected\": [{\"vendor\": \"xwiki\", \"product\": \"xwiki-platform\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 3.2-milestone-2, \u003c 13.10.7\"}, {\"status\": \"affected\", \"version\": \"\u003e= 14.0.0, \u003c 14.4.1\"}]}], \"references\": [{\"url\": \"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f\"}, {\"url\": \"https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e\"}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It\u0027s possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: ``` #if (!$services.csrf.isTokenValid($request.get(\u0027form_token\u0027))) #set ($discard = $response.sendError(401, \\\"Wrong CSRF token\\\")) #end ```\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-352\", \"description\": \"CWE-352: Cross-Site Request Forgery (CSRF)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2022-11-23T00:00:00.000Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2022-41927\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-23T16:35:31.577Z\", \"dateReserved\": \"2022-09-30T00:00:00.000Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2022-11-23T00:00:00.000Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

GHSA-MQ7H-5574-HW9F

Vulnerability from github – Published: 2022-11-21 22:34 – Updated: 2022-11-21 22:34

Summary

Cross-Site Request Forgery (CSRF) allowing to delete or rename tags

Details

Impact

It's possible with a simple request to perform deletion or renaming of tags without needing any confirmation, by using a CSRF attack.

Patches

The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1.

Workarounds

It's possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting:

#if (!$services.csrf.isTokenValid($request.get('form_token')))
    #set ($discard = $response.sendError(401, "Wrong CSRF token"))
#end

See the commit with the fix for more information about patching the page: https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e

References

https://jira.xwiki.org/browse/XWIKI-19748
https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e

For more information

If you have any questions or comments about this advisory: * Open an issue in JIRA * Email us at security ML

Severity ?

7.4 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-tag-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.2-milestone-2"
            },
            {
              "fixed": "13.10.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-tag-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "14.0.0"
            },
            {
              "fixed": "14.4.1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-41927"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-352"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-21T22:34:35Z",
    "nvd_published_at": "2022-11-23T19:15:00Z",
    "severity": "HIGH"
  },
  "details": "### Impact\n\nIt\u0027s possible with a simple request to perform deletion or renaming of tags without needing any confirmation, by using a CSRF attack. \n\n### Patches\n\nThe problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. \n\n### Workarounds\n\nIt\u0027s possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting:\n```\n#if (!$services.csrf.isTokenValid($request.get(\u0027form_token\u0027)))\n    #set ($discard = $response.sendError(401, \"Wrong CSRF token\"))\n#end\n```\n\nSee the commit with the fix for more information about patching the page: https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e\n\n### References\n\n  * https://jira.xwiki.org/browse/XWIKI-19748\n  * https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e\n\n### For more information\nIf you have any questions or comments about this advisory:\n* Open an issue in [JIRA](https://jira.xwiki.org)\n* Email us at [security ML](mailto:security@xwiki.org)\n",
  "id": "GHSA-mq7h-5574-hw9f",
  "modified": "2022-11-21T22:34:35Z",
  "published": "2022-11-21T22:34:35Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41927"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xwiki/xwiki-platform"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Cross-Site Request Forgery (CSRF) allowing to delete or rename tags"
}

FKIE_CVE-2022-41927

Vulnerability from fkie_nvd - Published: 2022-11-23 19:15 - Updated: 2024-11-21 07:24

Severity ?

7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N
7.4 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e	Patch, Third Party Advisory
security-advisories@github.com	https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f	Mitigation, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e	Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f	Mitigation, Patch, Third Party Advisory

Impacted products

Vendor	Product	Version
xwiki	xwiki	*
xwiki	xwiki	3.2
xwiki	xwiki	3.2
xwiki	xwiki	14.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "EAFB9FDB-DCD2-40D6-9190-BC8136D4B402",
              "versionEndExcluding": "13.10.7",
              "versionStartExcluding": "3.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xwiki:xwiki:3.2:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "902E7F43-561F-4B89-B902-CDEB6E6C938B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xwiki:xwiki:3.2:milestone3:*:*:*:*:*:*",
              "matchCriteriaId": "CB7202B8-E057-446D-A56A-30ED1D5D350F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xwiki:xwiki:14.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "26C528CB-800E-4D9E-9C90-CEE3D335B0FE",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It\u0027s possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: ``` #if (!$services.csrf.isTokenValid($request.get(\u0027form_token\u0027))) #set ($discard = $response.sendError(401, \"Wrong CSRF token\")) #end ```"
    },
    {
      "lang": "es",
      "value": "XWiki Platform es vulnerable a la Cross-Site Request Forgery (CSRF), que puede permitir a los atacantes eliminar o cambiar el nombre de las etiquetas sin necesidad de confirmaci\u00f3n. El problema se solucion\u00f3 en XWiki 13.10.7, 14.4.1 y 14.5RC1. Workarounds: es posible parchear instancias existentes directamente editando la p\u00e1gina Main.Tags y agregando este tipo de verificaci\u00f3n en el c\u00f3digo para cambiar el nombre y eliminar: ``` #if (!$services.csrf.isTokenValid($request.get(\u0027form_token\u0027))) #set ($discard = $response.sendError(401, \"Wrong CSRF token\")) #end ``` "
    }
  ],
  "id": "CVE-2022-41927",
  "lastModified": "2024-11-21T07:24:05.200",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 4.0,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-11-23T19:15:12.563",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mitigation",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GSD-2022-41927

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-41927

Aliases

CVE-2022-41927

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-41927",
    "id": "GSD-2022-41927"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-41927"
      ],
      "details": "XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It\u0027s possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: ``` #if (!$services.csrf.isTokenValid($request.get(\u0027form_token\u0027))) #set ($discard = $response.sendError(401, \"Wrong CSRF token\")) #end ```",
      "id": "GSD-2022-41927",
      "modified": "2023-12-13T01:19:32.529740Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-41927",
        "STATE": "PUBLIC",
        "TITLE": "XWiki Platform vulnerable to Cross-Site Request Forgery (CSRF) allowing to delete or rename tags"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "xwiki-platform",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003e= 3.2-milestone-2, \u003c 13.10.7"
                        },
                        {
                          "version_value": "\u003e= 14.0.0, \u003c 14.4.1"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "xwiki"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It\u0027s possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: ``` #if (!$services.csrf.isTokenValid($request.get(\u0027form_token\u0027))) #set ($discard = $response.sendError(401, \"Wrong CSRF token\")) #end ```"
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 7.4,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "HIGH",
          "privilegesRequired": "NONE",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-352: Cross-Site Request Forgery (CSRF)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f",
            "refsource": "CONFIRM",
            "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f"
          },
          {
            "name": "https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e",
            "refsource": "MISC",
            "url": "https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-mq7h-5574-hw9f",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[3.2-milestone-2,13.10.7),[14.0.0,14.4.1)",
          "affected_versions": "All versions starting from 3.2-milestone-2 before 13.10.7, all versions starting from 14.0.0 before 14.4.1",
          "cwe_ids": [
            "CWE-1035",
            "CWE-352",
            "CWE-937"
          ],
          "date": "2022-11-21",
          "description": "Cross-Site Request Forgery (CSRF) in org.xwiki.platform:xwiki-platform-tag-ui.",
          "fixed_versions": [
            "13.10.7",
            "14.4.1"
          ],
          "identifier": "GMS-2022-6936",
          "identifiers": [
            "GHSA-mq7h-5574-hw9f",
            "GMS-2022-6936",
            "CVE-2022-41927"
          ],
          "not_impacted": "All versions before 3.2-milestone-2, all versions starting from 13.10.7 before 14.0.0, all versions starting from 14.4.1",
          "package_slug": "maven/org.xwiki.platform/xwiki-platform-tag-ui",
          "pubdate": "2022-11-21",
          "solution": "Upgrade to versions 13.10.7, 14.4.1 or above.",
          "title": "Cross-Site Request Forgery (CSRF)",
          "urls": [
            "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f",
            "https://github.com/advisories/GHSA-mq7h-5574-hw9f"
          ],
          "uuid": "a17d0eb5-583a-4da1-afa5-210edafe7b7d"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:xwiki:xwiki:14.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:xwiki:xwiki:3.2:milestone2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:xwiki:xwiki:3.2:milestone3:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.10.7",
                "versionStartExcluding": "3.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-41927"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It\u0027s possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: ``` #if (!$services.csrf.isTokenValid($request.get(\u0027form_token\u0027))) #set ($discard = $response.sendError(401, \"Wrong CSRF token\")) #end ```"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-352"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e",
              "refsource": "MISC",
              "tags": [
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e"
            },
            {
              "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f",
              "refsource": "CONFIRM",
              "tags": [
                "Mitigation",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.4,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 4.0
        }
      },
      "lastModifiedDate": "2022-11-30T16:22Z",
      "publishedDate": "2022-11-23T19:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-41927 (GCVE-0-2022-41927)

GHSA-MQ7H-5574-HW9F

Impact

Patches

Workarounds

References

For more information

FKIE_CVE-2022-41927

GSD-2022-41927

Tags

Sightings

Nomenclature