Vulnerability-Lookup

CVE-2022-41928 (GCVE-0-2022-41928)

Vulnerability from cvelistv5 – Published: 2022-11-23 00:00 – Updated: 2025-04-22 16:01

Title

XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml

Summary

XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. This has been patched in versions 13.10.7, 14.4.2, and 14.5. The issue can be fixed on a running wiki by updating `XWiki.AttachmentSelector` with the versions below: - 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23

Severity

9.9 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CWE

CWE-95 - Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

Assigner

GitHub_M

References

2 references

URL	Tags
https://github.com/xwiki/xwiki-platform/security/…
https://jira.xwiki.org/browse/XWIKI-19800

Impacted products

1 product

Vendor	Product	Version
xwiki	xwiki-platform	Affected: >= 5.0-milestone-1, < 13.10.7 Affected: >= 14.0.0, < 14.4.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:56:38.588Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9hqh-fmhg-vq2j"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://jira.xwiki.org/browse/XWIKI-19800"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-41928",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T15:40:25.632218Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T16:01:25.660Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xwiki-platform",
          "vendor": "xwiki",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 5.0-milestone-1, \u003c 13.10.7"
            },
            {
              "status": "affected",
              "version": "\u003e= 14.0.0, \u003c 14.4.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027) in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. This has been patched in versions 13.10.7, 14.4.2, and 14.5. The issue can be fixed on a running wiki by updating `XWiki.AttachmentSelector` with the versions below: - 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.9,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-95",
              "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-23T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9hqh-fmhg-vq2j"
        },
        {
          "url": "https://jira.xwiki.org/browse/XWIKI-19800"
        }
      ],
      "source": {
        "advisory": "GHSA-9hqh-fmhg-vq2j",
        "discovery": "UNKNOWN"
      },
      "title": "XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027) in AttachmentSelector.xml"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-41928",
    "datePublished": "2022-11-23T00:00:00.000Z",
    "dateReserved": "2022-09-30T00:00:00.000Z",
    "dateUpdated": "2025-04-22T16:01:25.660Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2022-41928",
      "date": "2026-05-27",
      "epss": "0.05936",
      "percentile": "0.90746"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*\", \"versionStartExcluding\": \"5.0\", \"versionEndExcluding\": \"13.10.7\", \"matchCriteriaId\": \"E6B1B2D6-35FD-4F3D-9AAF-155D9EDE4974\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"14.0.0\", \"versionEndExcluding\": \"14.4.2\", \"matchCriteriaId\": \"B5DF0A47-B3DD-4A49-BA56-35374D029F02\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xwiki:xwiki:5.0:milestone1:*:*:*:*:*:*\", \"matchCriteriaId\": \"9AF8F5E0-1EF6-436A-9B8E-85497C9141BE\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xwiki:xwiki:5.0:milestone2:*:*:*:*:*:*\", \"matchCriteriaId\": \"3C7806B8-B5D8-46A4-A724-5B4CA6954FA8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xwiki:xwiki:14.4.3:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"C9646DA8-7C5A-458E-975C-A67099D43047\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xwiki:xwiki:14.4.4:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"CDAB9E27-2E41-44EA-BBCB-8015B22272B7\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027) in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. This has been patched in versions 13.10.7, 14.4.2, and 14.5. The issue can be fixed on a running wiki by updating `XWiki.AttachmentSelector` with the versions below: - 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23\"}, {\"lang\": \"es\", \"value\": \" XWiki Platform vulnerable a una Neutralizaci\\u00f3n Inadecuada de Directivas en C\\u00f3digo Evaluado Din\\u00e1micamente (\\\"\\\"Inyecci\\u00f3n de evaluaci\\u00f3n\\\"\\\") en AttachmentSelector.xml. El problema tambi\\u00e9n se puede reproducir insertando un payload peligroso en las propiedades macro \\\"\\\"height\\\"\\\" o \\\"\\\"alt\\\"\\\". Esto se ha parcheado en las versiones 13.10.7, 14.4.2 y 14.5. El problema se puede solucionar en una wiki en ejecuci\\u00f3n actualizando `XWiki.AttachmentSelector` con las siguientes versiones: \\n- 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 \"}]",
      "id": "CVE-2022-41928",
      "lastModified": "2024-11-21T07:24:05.327",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"baseScore\": 9.9, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.1, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 5.9}]}",
      "published": "2022-11-23T19:15:12.637",
      "references": "[{\"url\": \"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9hqh-fmhg-vq2j\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://jira.xwiki.org/browse/XWIKI-19800\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Vendor Advisory\"]}, {\"url\": \"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9hqh-fmhg-vq2j\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://jira.xwiki.org/browse/XWIKI-19800\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Exploit\", \"Issue Tracking\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-95\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-41928\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-11-23T19:15:12.637\",\"lastModified\":\"2024-11-21T07:24:05.327\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027) in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. This has been patched in versions 13.10.7, 14.4.2, and 14.5. The issue can be fixed on a running wiki by updating `XWiki.AttachmentSelector` with the versions below: - 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23\"},{\"lang\":\"es\",\"value\":\" XWiki Platform vulnerable a una Neutralizaci\u00f3n Inadecuada de Directivas en C\u00f3digo Evaluado Din\u00e1micamente (\\\"\\\"Inyecci\u00f3n de evaluaci\u00f3n\\\"\\\") en AttachmentSelector.xml. El problema tambi\u00e9n se puede reproducir insertando un payload peligroso en las propiedades macro \\\"\\\"height\\\"\\\" o \\\"\\\"alt\\\"\\\". Esto se ha parcheado en las versiones 13.10.7, 14.4.2 y 14.5. El problema se puede solucionar en una wiki en ejecuci\u00f3n actualizando `XWiki.AttachmentSelector` con las siguientes versiones: \\n- 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 \"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\",\"baseScore\":9.9,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.1,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-95\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*\",\"versionStartExcluding\":\"5.0\",\"versionEndExcluding\":\"13.10.7\",\"matchCriteriaId\":\"E6B1B2D6-35FD-4F3D-9AAF-155D9EDE4974\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"14.0.0\",\"versionEndExcluding\":\"14.4.2\",\"matchCriteriaId\":\"B5DF0A47-B3DD-4A49-BA56-35374D029F02\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:5.0:milestone1:*:*:*:*:*:*\",\"matchCriteriaId\":\"9AF8F5E0-1EF6-436A-9B8E-85497C9141BE\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:5.0:milestone2:*:*:*:*:*:*\",\"matchCriteriaId\":\"3C7806B8-B5D8-46A4-A724-5B4CA6954FA8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:14.4.3:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"C9646DA8-7C5A-458E-975C-A67099D43047\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:14.4.4:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"CDAB9E27-2E41-44EA-BBCB-8015B22272B7\"}]}]}],\"references\":[{\"url\":\"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9hqh-fmhg-vq2j\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://jira.xwiki.org/browse/XWIKI-19800\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9hqh-fmhg-vq2j\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://jira.xwiki.org/browse/XWIKI-19800\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Issue Tracking\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"title\": \"XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027) in AttachmentSelector.xml\", \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2022-11-23T00:00:00.000Z\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027) in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. This has been patched in versions 13.10.7, 14.4.2, and 14.5. The issue can be fixed on a running wiki by updating `XWiki.AttachmentSelector` with the versions below: - 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23\"}], \"affected\": [{\"vendor\": \"xwiki\", \"product\": \"xwiki-platform\", \"versions\": [{\"version\": \"\u003e= 5.0-milestone-1, \u003c 13.10.7\", \"status\": \"affected\"}, {\"version\": \"\u003e= 14.0.0, \u003c 14.4.2\", \"status\": \"affected\"}]}], \"references\": [{\"url\": \"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9hqh-fmhg-vq2j\"}, {\"url\": \"https://jira.xwiki.org/browse/XWIKI-19800\"}], \"metrics\": [{\"cvssV3_1\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\", \"baseScore\": 9.9, \"baseSeverity\": \"CRITICAL\"}}], \"problemTypes\": [{\"descriptions\": [{\"type\": \"CWE\", \"lang\": \"en\", \"description\": \"CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)\", \"cweId\": \"CWE-95\"}]}], \"source\": {\"advisory\": \"GHSA-9hqh-fmhg-vq2j\", \"discovery\": \"UNKNOWN\"}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T12:56:38.588Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9hqh-fmhg-vq2j\", \"tags\": [\"x_transferred\"]}, {\"url\": \"https://jira.xwiki.org/browse/XWIKI-19800\", \"tags\": [\"x_transferred\"]}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-41928\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-22T15:40:25.632218Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-22T15:40:27.528Z\"}}]}",
      "cveMetadata": "{\"state\": \"PUBLISHED\", \"cveId\": \"CVE-2022-41928\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"assignerShortName\": \"GitHub_M\", \"dateUpdated\": \"2025-04-22T16:01:25.660Z\", \"dateReserved\": \"2022-09-30T00:00:00.000Z\", \"datePublished\": \"2022-11-23T00:00:00.000Z\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2022-41928

Vulnerability from fkie_nvd - Published: 2022-11-23 19:15 - Updated: 2024-11-21 07:24

Severity

9.9 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
8.8 (High) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9hqh-fmhg-vq2j	Exploit, Patch, Third Party Advisory
security-advisories@github.com	https://jira.xwiki.org/browse/XWIKI-19800	Exploit, Issue Tracking, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9hqh-fmhg-vq2j	Exploit, Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://jira.xwiki.org/browse/XWIKI-19800	Exploit, Issue Tracking, Vendor Advisory

Impacted products

Vendor	Product	Version
xwiki	xwiki	*
xwiki	xwiki	*
xwiki	xwiki	5.0
xwiki	xwiki	5.0
xwiki	xwiki	14.4.3
xwiki	xwiki	14.4.4

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "E6B1B2D6-35FD-4F3D-9AAF-155D9EDE4974",
              "versionEndExcluding": "13.10.7",
              "versionStartExcluding": "5.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B5DF0A47-B3DD-4A49-BA56-35374D029F02",
              "versionEndExcluding": "14.4.2",
              "versionStartIncluding": "14.0.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xwiki:xwiki:5.0:milestone1:*:*:*:*:*:*",
              "matchCriteriaId": "9AF8F5E0-1EF6-436A-9B8E-85497C9141BE",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xwiki:xwiki:5.0:milestone2:*:*:*:*:*:*",
              "matchCriteriaId": "3C7806B8-B5D8-46A4-A724-5B4CA6954FA8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xwiki:xwiki:14.4.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "C9646DA8-7C5A-458E-975C-A67099D43047",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xwiki:xwiki:14.4.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "CDAB9E27-2E41-44EA-BBCB-8015B22272B7",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027) in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. This has been patched in versions 13.10.7, 14.4.2, and 14.5. The issue can be fixed on a running wiki by updating `XWiki.AttachmentSelector` with the versions below: - 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23"
    },
    {
      "lang": "es",
      "value": " XWiki Platform vulnerable a una Neutralizaci\u00f3n Inadecuada de Directivas en C\u00f3digo Evaluado Din\u00e1micamente (\"\"Inyecci\u00f3n de evaluaci\u00f3n\"\") en AttachmentSelector.xml. El problema tambi\u00e9n se puede reproducir insertando un payload peligroso en las propiedades macro \"\"height\"\" o \"\"alt\"\". Esto se ha parcheado en las versiones 13.10.7, 14.4.2 y 14.5. El problema se puede solucionar en una wiki en ejecuci\u00f3n actualizando `XWiki.AttachmentSelector` con las siguientes versiones: \n- 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 "
    }
  ],
  "id": "CVE-2022-41928",
  "lastModified": "2024-11-21T07:24:05.327",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.9,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.1,
        "impactScore": 6.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 8.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2022-11-23T19:15:12.637",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9hqh-fmhg-vq2j"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.xwiki.org/browse/XWIKI-19800"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Patch",
        "Third Party Advisory"
      ],
      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9hqh-fmhg-vq2j"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit",
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.xwiki.org/browse/XWIKI-19800"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-95"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

GHSA-9HQH-FMHG-VQ2J

Vulnerability from github – Published: 2022-11-21 22:34 – Updated: 2022-11-21 22:34

Summary

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') in AttachmentSelector.xml

Details

Impact

Any user with the right to edit his personal page can follow one of the scenario below:

Scenario 1: - Log in as a simple user with just edit rights on the user profile - Go to the user's profile - Upload an attachment in the attachment tab at the bottom of the page (any image is fine) - Click on "rename" in the attachment list and enter {{async async="true" cached="false" context="doc.reference"}}{{groovy}}println("Hello from groovy!"){{/groovy}}{{/async}}.png as new attachment name and submit the rename - Go back to the user profile - Click on the edit icon on the user avatar - Hello from groovy! is displayed as the title of the attachment

Scenario 2: - Log in as a simple user with just edit rights on a page - Create a Page MyPage.WebHome - Create an XClass field of type String named avatar - Add an XObject of type MyPage.WebHome on the page - Insert an attachmentSelector macro in the document with the following values: - classname: MyPage.WebHome - property: avatar - savemode: direct - displayImage: true - width: ]] {{async async="true" cached="false" context="doc.reference"}}{{groovy}}println("Hello from groovy!"){{/groovy}}{{/async}}. You'll find below a snippet of an attachmentSelector macro declaration. - Display the page - Use the attachment picker to select an image - Hello from groovy is displayed aside the image

Example of an attachmentSelector macro declaration:

`{{attachmentSelector classname="MyPage.WebHome" property="avatar" savemode="direct" displayImage="true" width="]] {{async async=~"true~" cached=~"false~" context=~"doc.reference~"~}~}{{groovy~}~}println(~"Hello from groovy!~"){{/groovy~}~}{{/async~}~}"/}}`

Note: The issue can also be reproduced by inserting the dangerous payload in the height or alt macro properties.

Patches

The issue can be fixed on a running wiki by updating XWiki.AttachmentSelector with the versions below:

14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23
14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23
13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23

Workarounds

No known workaround.

References

https://jira.xwiki.org/browse/XWIKI-19800

For more information

If you have any questions or comments about this advisory: - Open an issue in Jira XWiki.org - Email us at Security Mailing List

Severity

9.9 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-attachment-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "5.0-milestone-1"
            },
            {
              "fixed": "13.10.7"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-attachment-ui"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "14.0.0"
            },
            {
              "fixed": "14.4.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-41928"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-95"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-11-21T22:34:57Z",
    "nvd_published_at": "2022-11-23T19:15:00Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\nAny user with the right to edit his personal page can follow one of the scenario below:\n\n**Scenario 1**:\n- Log in as a simple user with just edit rights on the user profile\n- Go to the user\u0027s profile\n- Upload an attachment in the attachment tab at the bottom of the page (any image is fine)\n- Click on \"rename\" in the attachment list and enter `{{async async=\"true\" cached=\"false\" context=\"doc.reference\"}}{{groovy}}println(\"Hello from groovy!\"){{/groovy}}{{/async}}.png` as new attachment name and submit the rename\n- Go back to the user profile\n- Click on the edit icon on the user avatar\n- `Hello from groovy!` is displayed as the title of the attachment\n\n**Scenario 2**:\n- Log in as a simple user with just edit rights on a page\n- Create a Page `MyPage.WebHome`\n- Create an XClass field of type String named `avatar`\n- Add an XObject of type `MyPage.WebHome` on the page\n- Insert an `attachmentSelector` macro in the document with the following values:\n  - **classname**: `MyPage.WebHome`\n  - **property**: `avatar`\n  - **savemode**: `direct`\n  - **displayImage**: `true`\n  - **width**: `]] {{async async=\"true\" cached=\"false\" context=\"doc.reference\"}}{{groovy}}println(\"Hello from groovy!\"){{/groovy}}{{/async}}`. You\u0027ll find below a snippet of an `attachmentSelector` macro declaration.\n- Display the page\n- Use the attachment picker to select an image\n- `Hello from groovy` is displayed aside the image\n\nExample of an `attachmentSelector` macro declaration:\n```\n`{{attachmentSelector classname=\"MyPage.WebHome\" property=\"avatar\" savemode=\"direct\" displayImage=\"true\" width=\"]] {{async async=~\"true~\" cached=~\"false~\" context=~\"doc.reference~\"~}~}{{groovy~}~}println(~\"Hello from groovy!~\"){{/groovy~}~}{{/async~}~}\"/}}`\n```\n\n**Note**: The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties.\n\n### Patches\nThe issue can be fixed on a running wiki by updating `XWiki.AttachmentSelector` with the versions below:\n\n- 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23\n- 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23\n- 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23\n\n### Workarounds\nNo known workaround.\n\n### References\n- https://jira.xwiki.org/browse/XWIKI-19800\n\n### For more information\nIf you have any questions or comments about this advisory:\n- Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)\n- Email us at [Security Mailing List](mailto:security@xwiki.org)\n",
  "id": "GHSA-9hqh-fmhg-vq2j",
  "modified": "2022-11-21T22:34:57Z",
  "published": "2022-11-21T22:34:57Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9hqh-fmhg-vq2j"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-41928"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xwiki/xwiki-platform"
    },
    {
      "type": "WEB",
      "url": "https://jira.xwiki.org/browse/XWIKI-19800"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027) in AttachmentSelector.xml"
}

GSD-2022-41928

Vulnerability from gsd - Updated: 2023-12-13 01:19

Details

Aliases

CVE-2022-41928

Aliases

CVE-2022-41928

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2022-41928",
    "id": "GSD-2022-41928"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2022-41928"
      ],
      "details": "XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027) in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. This has been patched in versions 13.10.7, 14.4.2, and 14.5. The issue can be fixed on a running wiki by updating `XWiki.AttachmentSelector` with the versions below: - 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23",
      "id": "GSD-2022-41928",
      "modified": "2023-12-13T01:19:32.935099Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2022-41928",
        "STATE": "PUBLIC",
        "TITLE": "XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027) in AttachmentSelector.xml"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "xwiki-platform",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003e= 5.0-milestone-1, \u003c 13.10.7"
                        },
                        {
                          "version_value": "\u003e= 14.0.0, \u003c 14.4.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "xwiki"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027) in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. This has been patched in versions 13.10.7, 14.4.2, and 14.5. The issue can be fixed on a running wiki by updating `XWiki.AttachmentSelector` with the versions below: - 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23"
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.9,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027)"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9hqh-fmhg-vq2j",
            "refsource": "CONFIRM",
            "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9hqh-fmhg-vq2j"
          },
          {
            "name": "https://jira.xwiki.org/browse/XWIKI-19800",
            "refsource": "MISC",
            "url": "https://jira.xwiki.org/browse/XWIKI-19800"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-9hqh-fmhg-vq2j",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "[5.0-milestone-1,13.10.7),[14.0.0,14.4.2)",
          "affected_versions": "All versions starting from 5.0-milestone-1 before 13.10.7, all versions starting from 14.0.0 before 14.4.2",
          "cwe_ids": [
            "CWE-1035",
            "CWE-937"
          ],
          "date": "2022-11-21",
          "description": "Privilege escalation (PR) from user profile through the attachment selector",
          "fixed_versions": [
            "13.10.7",
            "14.4.2"
          ],
          "identifier": "GMS-2022-6929",
          "identifiers": [
            "GHSA-9hqh-fmhg-vq2j",
            "GMS-2022-6929",
            "CVE-2022-41928"
          ],
          "not_impacted": "All versions before 5.0-milestone-1, all versions starting from 13.10.7 before 14.0.0, all versions starting from 14.4.2",
          "package_slug": "maven/org.xwiki.platform/xwiki-platform-attachment-ui",
          "pubdate": "2022-11-21",
          "solution": "Upgrade to versions 13.10.7, 14.4.2 or above.",
          "title": "Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027) in AttachmentSelector.xml",
          "urls": [
            "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9hqh-fmhg-vq2j",
            "https://github.com/advisories/GHSA-9hqh-fmhg-vq2j"
          ],
          "uuid": "f8c71ed9-bbc3-44e9-8409-236011620502"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.4.2",
                "versionStartIncluding": "14.0.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "13.10.7",
                "versionStartExcluding": "5.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:xwiki:xwiki:5.0:milestone1:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:xwiki:xwiki:5.0:milestone2:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:xwiki:xwiki:14.4.3:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:xwiki:xwiki:14.4.4:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2022-41928"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "XWiki Platform vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code (\u0027Eval Injection\u0027) in AttachmentSelector.xml. The issue can also be reproduced by inserting the dangerous payload in the `height` or `alt` macro properties. This has been patched in versions 13.10.7, 14.4.2, and 14.5. The issue can be fixed on a running wiki by updating `XWiki.AttachmentSelector` with the versions below: - 14.5-rc-1+: https://github.com/xwiki/xwiki-platform/commit/eb15147adf94bddb92626f862c1710d45bcd64a7#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 14.4.2+: https://github.com/xwiki/xwiki-platform/commit/c02f8eb1f3c953d124f2c097021536f8bc00fa8d#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23 - 13.10.7+: https://github.com/xwiki/xwiki-platform/commit/efd0df0468d46149ba68b66660b93f31b6318515#diff-e1513599ab698991f6cbba55d38f3f464432ced8d137a668b1f7618c7e747e23"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-95"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9hqh-fmhg-vq2j",
              "refsource": "CONFIRM",
              "tags": [
                "Exploit",
                "Patch",
                "Third Party Advisory"
              ],
              "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-9hqh-fmhg-vq2j"
            },
            {
              "name": "https://jira.xwiki.org/browse/XWIKI-19800",
              "refsource": "MISC",
              "tags": [
                "Exploit",
                "Issue Tracking",
                "Vendor Advisory"
              ],
              "url": "https://jira.xwiki.org/browse/XWIKI-19800"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-11-30T16:38Z",
      "publishedDate": "2022-11-23T19:15Z"
    }
  }
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2022-41928 (GCVE-0-2022-41928)

FKIE_CVE-2022-41928

GHSA-9HQH-FMHG-VQ2J

Impact

Patches

Workarounds

References

For more information

GSD-2022-41928

Tags

Sightings

Nomenclature