cvelistv5 - cve-2024-41947

CVE-2024-41947 (GCVE-0-2024-41947)

Vulnerability from cvelistv5 – Published: 2024-07-31 15:24 – Updated: 2024-08-13 13:36

Summary

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.8 and 16.3.0RC1.

Severity ?

9.1 (Critical)


                        
                          CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE

CWE-80 - Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)

Assigner

GitHub_M

References

URL

Tags

	https://github.com/xwiki/xwiki-platform/security/…	x_refsource_CONFIRM
	https://github.com/xwiki/xwiki-platform/commit/82…	x_refsource_MISC
	https://github.com/xwiki/xwiki-platform/commit/e0…	x_refsource_MISC
	https://jira.xwiki.org/browse/XWIKI-21626	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	xwiki	xwiki-platform	Affected: >= 11.8-rc-1, < 15.10.8 Affected: >= 16.0.0-rc-1, < 16.3.0-rc-1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "affected": [
          {
            "cpes": [
              "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*"
            ],
            "defaultStatus": "unknown",
            "product": "xwiki",
            "vendor": "xwiki",
            "versions": [
              {
                "lessThan": "15.10.8",
                "status": "affected",
                "version": "11.8-rc-1",
                "versionType": "custom"
              },
              {
                "lessThan": "16.3.0-rc-1",
                "status": "affected",
                "version": "16.0.0-rc-1",
                "versionType": "custom"
              }
            ]
          }
        ],
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-41947",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-07-31T15:55:49.598423Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-08-13T13:36:59.723Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "xwiki-platform",
          "vendor": "xwiki",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 11.8-rc-1, \u003c 15.10.8"
            },
            {
              "status": "affected",
              "version": "\u003e= 16.0.0-rc-1, \u003c 16.3.0-rc-1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.8 and 16.3.0RC1."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.1,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-80",
              "description": "CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-07-31T15:24:20.271Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-692v-783f-mg8x",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-692v-783f-mg8x"
        },
        {
          "name": "https://github.com/xwiki/xwiki-platform/commit/821d43ec45e67d45a6735a0717b9b77fffc1cd9f",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/commit/821d43ec45e67d45a6735a0717b9b77fffc1cd9f"
        },
        {
          "name": "https://github.com/xwiki/xwiki-platform/commit/e00e159d3737397eebd1f6ff925c1f5cb7cdec34",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/xwiki/xwiki-platform/commit/e00e159d3737397eebd1f6ff925c1f5cb7cdec34"
        },
        {
          "name": "https://jira.xwiki.org/browse/XWIKI-21626",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://jira.xwiki.org/browse/XWIKI-21626"
        }
      ],
      "source": {
        "advisory": "GHSA-692v-783f-mg8x",
        "discovery": "UNKNOWN"
      },
      "title": "XWiki Platform XSS through conflict resolution"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-41947",
    "datePublished": "2024-07-31T15:24:20.271Z",
    "dateReserved": "2024-07-24T16:51:40.948Z",
    "dateUpdated": "2024-08-13T13:36:59.723Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.8\", \"versionEndExcluding\": \"15.10.8\", \"matchCriteriaId\": \"B17E1B0C-1A3C-48A9-80A5-22AD0EFC15AB\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"16.0\", \"versionEndExcluding\": \"16.3.0\", \"matchCriteriaId\": \"57BAD7E7-E9E4-4960-9F94-895F252BB527\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.8 and 16.3.0RC1.\"}, {\"lang\": \"es\", \"value\": \" XWiki Platform es una plataforma wiki gen\\u00e9rica que ofrece servicios de ejecuci\\u00f3n para aplicaciones creadas sobre ella. Al crear un conflicto cuando otro usuario con m\\u00e1s derechos est\\u00e1 editando una p\\u00e1gina, es posible ejecutar fragmentos de JavaScript del otro usuario, lo que compromete la confidencialidad, integridad y disponibilidad de toda la instalaci\\u00f3n de XWiki. Esto ha sido parcheado en XWiki 15.10.8 y 16.3.0RC1.\"}]",
      "id": "CVE-2024-41947",
      "lastModified": "2024-09-06T20:46:01.477",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\", \"baseScore\": 9.0, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 6.0}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\", \"baseScore\": 5.4, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 2.7}]}",
      "published": "2024-07-31T16:15:04.540",
      "references": "[{\"url\": \"https://github.com/xwiki/xwiki-platform/commit/821d43ec45e67d45a6735a0717b9b77fffc1cd9f\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/xwiki/xwiki-platform/commit/e00e159d3737397eebd1f6ff925c1f5cb7cdec34\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-692v-783f-mg8x\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://jira.xwiki.org/browse/XWIKI-21626\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Issue Tracking\", \"Vendor Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Analyzed",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-80\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-79\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2024-41947\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-07-31T16:15:04.540\",\"lastModified\":\"2024-09-06T20:46:01.477\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.8 and 16.3.0RC1.\"},{\"lang\":\"es\",\"value\":\" XWiki Platform es una plataforma wiki gen\u00e9rica que ofrece servicios de ejecuci\u00f3n para aplicaciones creadas sobre ella. Al crear un conflicto cuando otro usuario con m\u00e1s derechos est\u00e1 editando una p\u00e1gina, es posible ejecutar fragmentos de JavaScript del otro usuario, lo que compromete la confidencialidad, integridad y disponibilidad de toda la instalaci\u00f3n de XWiki. Esto ha sido parcheado en XWiki 15.10.8 y 16.3.0RC1.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":9.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.3,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N\",\"baseScore\":5.4,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":2.3,\"impactScore\":2.7}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-80\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-79\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.8\",\"versionEndExcluding\":\"15.10.8\",\"matchCriteriaId\":\"B17E1B0C-1A3C-48A9-80A5-22AD0EFC15AB\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"16.0\",\"versionEndExcluding\":\"16.3.0\",\"matchCriteriaId\":\"57BAD7E7-E9E4-4960-9F94-895F252BB527\"}]}]}],\"references\":[{\"url\":\"https://github.com/xwiki/xwiki-platform/commit/821d43ec45e67d45a6735a0717b9b77fffc1cd9f\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/xwiki/xwiki-platform/commit/e00e159d3737397eebd1f6ff925c1f5cb7cdec34\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-692v-783f-mg8x\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jira.xwiki.org/browse/XWIKI-21626\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Issue Tracking\",\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-41947\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-07-31T15:55:49.598423Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*\"], \"vendor\": \"xwiki\", \"product\": \"xwiki\", \"versions\": [{\"status\": \"affected\", \"version\": \"11.8-rc-1\", \"lessThan\": \"15.10.8\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"16.0.0-rc-1\", \"lessThan\": \"16.3.0-rc-1\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-31T15:58:30.116Z\"}}], \"cna\": {\"title\": \"XWiki Platform XSS through conflict resolution\", \"source\": {\"advisory\": \"GHSA-692v-783f-mg8x\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"xwiki\", \"product\": \"xwiki-platform\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 11.8-rc-1, \u003c 15.10.8\"}, {\"status\": \"affected\", \"version\": \"\u003e= 16.0.0-rc-1, \u003c 16.3.0-rc-1\"}]}], \"references\": [{\"url\": \"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-692v-783f-mg8x\", \"name\": \"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-692v-783f-mg8x\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/xwiki/xwiki-platform/commit/821d43ec45e67d45a6735a0717b9b77fffc1cd9f\", \"name\": \"https://github.com/xwiki/xwiki-platform/commit/821d43ec45e67d45a6735a0717b9b77fffc1cd9f\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/xwiki/xwiki-platform/commit/e00e159d3737397eebd1f6ff925c1f5cb7cdec34\", \"name\": \"https://github.com/xwiki/xwiki-platform/commit/e00e159d3737397eebd1f6ff925c1f5cb7cdec34\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://jira.xwiki.org/browse/XWIKI-21626\", \"name\": \"https://jira.xwiki.org/browse/XWIKI-21626\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.8 and 16.3.0RC1.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-80\", \"description\": \"CWE-80: Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-07-31T15:24:20.271Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2024-41947\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-13T13:36:59.723Z\", \"dateReserved\": \"2024-07-24T16:51:40.948Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-07-31T15:24:20.271Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

FKIE_CVE-2024-41947

Vulnerability from fkie_nvd - Published: 2024-07-31 16:15 - Updated: 2024-09-06 20:46

Severity ?

9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/xwiki/xwiki-platform/commit/821d43ec45e67d45a6735a0717b9b77fffc1cd9f	Patch
security-advisories@github.com	https://github.com/xwiki/xwiki-platform/commit/e00e159d3737397eebd1f6ff925c1f5cb7cdec34	Patch
security-advisories@github.com	https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-692v-783f-mg8x	Vendor Advisory
security-advisories@github.com	https://jira.xwiki.org/browse/XWIKI-21626	Issue Tracking, Vendor Advisory

Impacted products

	Vendor	Product	Version
	xwiki	xwiki	*
	xwiki	xwiki	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B17E1B0C-1A3C-48A9-80A5-22AD0EFC15AB",
              "versionEndExcluding": "15.10.8",
              "versionStartIncluding": "11.8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "57BAD7E7-E9E4-4960-9F94-895F252BB527",
              "versionEndExcluding": "16.3.0",
              "versionStartIncluding": "16.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.8 and 16.3.0RC1."
    },
    {
      "lang": "es",
      "value": " XWiki Platform es una plataforma wiki gen\u00e9rica que ofrece servicios de ejecuci\u00f3n para aplicaciones creadas sobre ella. Al crear un conflicto cuando otro usuario con m\u00e1s derechos est\u00e1 editando una p\u00e1gina, es posible ejecutar fragmentos de JavaScript del otro usuario, lo que compromete la confidencialidad, integridad y disponibilidad de toda la instalaci\u00f3n de XWiki. Esto ha sido parcheado en XWiki 15.10.8 y 16.3.0RC1."
    }
  ],
  "id": "CVE-2024-41947",
  "lastModified": "2024-09-06T20:46:01.477",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 9.0,
          "baseSeverity": "CRITICAL",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 6.0,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-07-31T16:15:04.540",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/xwiki/xwiki-platform/commit/821d43ec45e67d45a6735a0717b9b77fffc1cd9f"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/xwiki/xwiki-platform/commit/e00e159d3737397eebd1f6ff925c1f5cb7cdec34"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-692v-783f-mg8x"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Issue Tracking",
        "Vendor Advisory"
      ],
      "url": "https://jira.xwiki.org/browse/XWIKI-21626"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-80"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

WID-SEC-W-2024-1738

Vulnerability from csaf_certbund - Published: 2024-07-31 22:00 - Updated: 2024-07-31 22:00

Summary

xwiki: Mehrere Schwachstellen

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung

XWiki ist eine Open-Source-Wiki-Software-Plattform, für die Erstellung und Verwaltung von Wikis und Knowledge-Management-Systemen

Angriff

Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in xwiki ausnutzen, um Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuführen und beliebigen Code auszuführen.

Betroffene Betriebssysteme

- Sonstiges - UNIX - Windows

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "XWiki ist eine Open-Source-Wiki-Software-Plattform, f\u00fcr die Erstellung und Verwaltung von Wikis und Knowledge-Management-Systemen",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, authentisierter Angreifer kann mehrere Schwachstellen in xwiki ausnutzen, um Sicherheitsvorkehrungen zu umgehen, einen Cross-Site-Scripting-Angriff durchzuf\u00fchren und beliebigen Code auszuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Sonstiges\n- UNIX\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-1738 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-1738.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-1738 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-1738"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-07-31",
        "url": "https://github.com/advisories/GHSA-33gp-gmg3-hfpq"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-07-31",
        "url": "https://github.com/advisories/GHSA-692v-783f-mg8x"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-07-31",
        "url": "https://github.com/advisories/GHSA-h63h-5c77-77p5"
      },
      {
        "category": "external",
        "summary": "GitHub Advisory Database vom 2024-07-31",
        "url": "https://github.com/advisories/GHSA-wf3x-jccf-5g5g"
      },
      {
        "category": "external",
        "summary": "NIST Vulnerability Database vom 2024-07-31",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37898"
      },
      {
        "category": "external",
        "summary": "NIST Vulnerability Database vom 2024-07-31",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41947"
      },
      {
        "category": "external",
        "summary": "NIST Vulnerability Database vom 2024-07-31",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37901"
      },
      {
        "category": "external",
        "summary": "NIST Vulnerability Database vom 2024-07-31",
        "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-37900"
      }
    ],
    "source_lang": "en-US",
    "title": "xwiki: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-07-31T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:11:52.563+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-1738",
      "initial_release_date": "2024-07-31T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-07-31T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "\u003c14.10.21",
                "product": {
                  "name": "Open Source xwiki \u003c14.10.21",
                  "product_id": "T036531"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c15.5.5",
                "product": {
                  "name": "Open Source xwiki \u003c15.5.5",
                  "product_id": "T036532"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c15.10.6",
                "product": {
                  "name": "Open Source xwiki \u003c15.10.6",
                  "product_id": "T036533"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c15.10.8",
                "product": {
                  "name": "Open Source xwiki \u003c15.10.8",
                  "product_id": "T036534"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c16.3.0-rc-1",
                "product": {
                  "name": "Open Source xwiki \u003c16.3.0-rc-1",
                  "product_id": "T036535"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c16.0.0",
                "product": {
                  "name": "Open Source xwiki \u003c16.0.0",
                  "product_id": "T036536"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c15.10.2",
                "product": {
                  "name": "Open Source xwiki \u003c15.10.2",
                  "product_id": "T036537"
                }
              }
            ],
            "category": "product_name",
            "name": "xwiki"
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2024-37898",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in xwiki aufgrund einer unsachgem\u00e4\u00dfen Durchsetzung der Zugriffskontrolle f\u00fcr Bearbeitungsrechte, die es einem Benutzer mit reinen Bearbeitungsrechten erlaubt, eine Seite zu l\u00f6schen und zu ersetzen, ohne \u00fcber L\u00f6schrechte zu verf\u00fcgen. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um die Autorisierung zu umgehen."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036537"
        ]
      },
      "release_date": "2024-07-31T22:00:00.000+00:00",
      "title": "CVE-2024-37898"
    },
    {
      "cve": "CVE-2024-37900",
      "notes": [
        {
          "category": "description",
          "text": "In xwiki existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036537"
        ]
      },
      "release_date": "2024-07-31T22:00:00.000+00:00",
      "title": "CVE-2024-37900"
    },
    {
      "cve": "CVE-2024-37901",
      "notes": [
        {
          "category": "description",
          "text": "Es besteht eine Schwachstelle in xwiki aufgrund einer unsachgem\u00e4\u00dfen Validierung von Objekteigenschaften. Ein entfernter, authentisierter Angreifer mit ausschlie\u00dflich Editierrechten k\u00f6nnte diese Schwachstelle ausnutzen, um beliebigen Code ohne Skripting- oder Programmierrechte auszuf\u00fchren."
        }
      ],
      "release_date": "2024-07-31T22:00:00.000+00:00",
      "title": "CVE-2024-37901"
    },
    {
      "cve": "CVE-2024-41947",
      "notes": [
        {
          "category": "description",
          "text": "In xwiki existiert eine Cross-Site Scripting Schwachstelle. HTML und Script-Eingaben werden nicht ordnungsgem\u00e4\u00df \u00fcberpr\u00fcft, bevor sie an den Benutzer zur\u00fcckgegeben werden. Ein entfernter, authentisierter Angreifer kann durch Ausnutzung dieser Schwachstelle beliebigen HTML- und Script-Code durch den Browser des Benutzers im Kontext der betroffenen Seite ausf\u00fchren. Zur erfolgreichen Ausnutzung ist eine Benutzeraktion erforderlich."
        }
      ],
      "product_status": {
        "known_affected": [
          "T036537",
          "T036533"
        ]
      },
      "release_date": "2024-07-31T22:00:00.000+00:00",
      "title": "CVE-2024-41947"
    }
  ]
}

GHSA-692V-783F-MG8X

Vulnerability from github – Published: 2024-07-31 16:54 – Updated: 2024-07-31 20:20

Summary

XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution

Details

Impact

By creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confidentiality, integrity and availability of the whole XWiki installation.

To reproduce on a XWiki instance, a user with admin rights needs to edit a document without saving right away. Then, as another user without any other right than edit on the specific document, change the whole content to <script>alert('XSS')</script>. When the admin user then saves the document, a conflict popup appears. If they select "Fix each conflict individually" and see an alert displaying "XSS", then the instance is vulnerable.

Patches

This has been patched in XWiki 15.10.8 and 16.3.0RC1.

Workarounds

We're not aware of any workaround except upgrading.

References

https://jira.xwiki.org/browse/XWIKI-21626
https://github.com/xwiki/xwiki-platform/commit/821d43ec45e67d45a6735a0717b9b77fffc1cd9f

For more information

If you have any questions or comments about this advisory: * Open an issue in Jira XWiki.org * Email us at Security Mailing List

Severity ?

9.0 (Critical)


                  
                    CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

9.4 (Critical)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-web-templates"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "11.8-rc-1"
            },
            {
              "fixed": "15.10.8"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-web-templates"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "16.0.0-rc-1"
            },
            {
              "fixed": "16.3.0-rc-1"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2024-41947"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-79",
      "CWE-80"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2024-07-31T16:54:36Z",
    "nvd_published_at": "2024-07-31T16:15:04Z",
    "severity": "CRITICAL"
  },
  "details": "### Impact\n\nBy creating a conflict when another user with more rights is currently editing a page, it is possible to execute JavaScript snippets on the side of the other user, which compromises the confidentiality, integrity and availability of the whole XWiki installation.\n\nTo reproduce on a XWiki instance, a user with admin rights needs to edit a document without saving right away.\nThen, as another user without any other right than edit on the specific document, change the whole content to `\u003cscript\u003ealert(\u0027XSS\u0027)\u003c/script\u003e`.\nWhen the admin user then saves the document, a conflict popup appears. If they select \"Fix each conflict individually\" and see an alert displaying \"XSS\", then the instance is vulnerable.\n\n### Patches\n\nThis has been patched in XWiki 15.10.8 and 16.3.0RC1.\n\n### Workarounds\n\nWe\u0027re not aware of any workaround except upgrading.\n\n### References\n\n* https://jira.xwiki.org/browse/XWIKI-21626\n* https://github.com/xwiki/xwiki-platform/commit/821d43ec45e67d45a6735a0717b9b77fffc1cd9f\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)\n* Email us at [Security Mailing List](mailto:security@xwiki.org)",
  "id": "GHSA-692v-783f-mg8x",
  "modified": "2024-07-31T20:20:42Z",
  "published": "2024-07-31T16:54:36Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-692v-783f-mg8x"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41947"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/commit/821d43ec45e67d45a6735a0717b9b77fffc1cd9f"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/commit/e00e159d3737397eebd1f6ff925c1f5cb7cdec34"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xwiki/xwiki-platform"
    },
    {
      "type": "WEB",
      "url": "https://jira.xwiki.org/browse/XWIKI-21626"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
      "type": "CVSS_V4"
    }
  ],
  "summary": "XWiki Platform vulnerable to Cross-Site Scripting (XSS) through conflict resolution"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2024-41947 (GCVE-0-2024-41947)

FKIE_CVE-2024-41947

WID-SEC-W-2024-1738

GHSA-692V-783F-MG8X

Impact

Patches

Workarounds

References

For more information

Tags

Sightings

Nomenclature