FKIE_CVE-2023-28836

Vulnerability from fkie_nvd - Published: 2023-04-03 17:15 - Updated: 2024-11-21 07:56
Severity ?
6.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H
5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N
Summary
Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft pages and documents that, when viewed by a user with higher privileges, could perform actions with that user's credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, and only affects sites with ModelAdmin enabled. For page, the vulnerability is in the "Choose a parent page" ModelAdmin view (`ChooseParentView`), available when managing pages via ModelAdmin. For documents, the vulnerability is in the ModelAdmin Inspect view (`InspectView`) when displaying document fields. Patched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2. Site owners who are unable to upgrade to the new versions can disable or override the corresponding functionality.
References
security-advisories@github.comhttps://docs.wagtail.org/en/stable/reference/contrib/modeladmin/chooseparentview.html#customising-chooseparentviewProduct
security-advisories@github.comhttps://docs.wagtail.org/en/stable/reference/contrib/modeladmin/inspectview.html#enabling-customising-inspectviewProduct
security-advisories@github.comhttps://github.com/wagtail/wagtail/commit/5be2b1ed55fd7259dfdf2c82e7701dba407b8b62Patch
security-advisories@github.comhttps://github.com/wagtail/wagtail/commit/bc84bf9815610cfbf8db3b6050c7ddcbaa4b9713Release Notes
security-advisories@github.comhttps://github.com/wagtail/wagtail/commit/eefc3381d37b476791610e5d30594fae443f33afRelease Notes
security-advisories@github.comhttps://github.com/wagtail/wagtail/commit/ff806ab173a504395fdfb3139eb0a29444ab4b91Patch
security-advisories@github.comhttps://github.com/wagtail/wagtail/releases/tag/v4.2.2Release Notes
security-advisories@github.comhttps://github.com/wagtail/wagtail/security/advisories/GHSA-5286-f2rf-35c2Mitigation, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/chooseparentview.html#customising-chooseparentviewProduct
af854a3a-2127-422b-91ae-364da2661108https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/inspectview.html#enabling-customising-inspectviewProduct
af854a3a-2127-422b-91ae-364da2661108https://github.com/wagtail/wagtail/commit/5be2b1ed55fd7259dfdf2c82e7701dba407b8b62Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/wagtail/wagtail/commit/bc84bf9815610cfbf8db3b6050c7ddcbaa4b9713Release Notes
af854a3a-2127-422b-91ae-364da2661108https://github.com/wagtail/wagtail/commit/eefc3381d37b476791610e5d30594fae443f33afRelease Notes
af854a3a-2127-422b-91ae-364da2661108https://github.com/wagtail/wagtail/commit/ff806ab173a504395fdfb3139eb0a29444ab4b91Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/wagtail/wagtail/releases/tag/v4.2.2Release Notes
af854a3a-2127-422b-91ae-364da2661108https://github.com/wagtail/wagtail/security/advisories/GHSA-5286-f2rf-35c2Mitigation, Vendor Advisory
Impacted products
Vendor Product Version
torchbox wagtail *
torchbox wagtail *
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:torchbox:wagtail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2431A916-407F-441E-BCBC-880EDF09596C",
              "versionEndExcluding": "4.1.4",
              "versionStartIncluding": "1.5",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:torchbox:wagtail:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1B8BD9-78D3-4032-95EB-E0FFF890198D",
              "versionEndExcluding": "4.2.2",
              "versionStartIncluding": "4.2",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Wagtail is an open source content management system built on Django. Starting in version 1.5 and prior to versions 4.1.4 and 4.2.2, a stored cross-site scripting (XSS) vulnerability exists on ModelAdmin views within the Wagtail admin interface. A user with a limited-permission editor account for the Wagtail admin could potentially craft pages and documents that, when viewed by a user with higher privileges, could perform actions with that user\u0027s credentials. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin, and only affects sites with ModelAdmin enabled. For page, the vulnerability is in the \"Choose a parent page\" ModelAdmin view (`ChooseParentView`), available when managing pages via ModelAdmin. For documents, the vulnerability is in the ModelAdmin Inspect view (`InspectView`) when displaying document fields. Patched versions have been released as Wagtail 4.1.4 and Wagtail 4.2.2. Site owners who are unable to upgrade to the new versions can disable or override the corresponding functionality."
    }
  ],
  "id": "CVE-2023-28836",
  "lastModified": "2024-11-21T07:56:07.463",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 6.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 0.5,
        "impactScore": 5.9,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.4,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "CHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.3,
        "impactScore": 2.7,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-04-03T17:15:06.957",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product"
      ],
      "url": "https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/chooseparentview.html#customising-chooseparentview"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Product"
      ],
      "url": "https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/inspectview.html#enabling-customising-inspectview"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/wagtail/wagtail/commit/5be2b1ed55fd7259dfdf2c82e7701dba407b8b62"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/wagtail/wagtail/commit/bc84bf9815610cfbf8db3b6050c7ddcbaa4b9713"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/wagtail/wagtail/commit/eefc3381d37b476791610e5d30594fae443f33af"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/wagtail/wagtail/commit/ff806ab173a504395fdfb3139eb0a29444ab4b91"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/wagtail/wagtail/releases/tag/v4.2.2"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-5286-f2rf-35c2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/chooseparentview.html#customising-chooseparentview"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Product"
      ],
      "url": "https://docs.wagtail.org/en/stable/reference/contrib/modeladmin/inspectview.html#enabling-customising-inspectview"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/wagtail/wagtail/commit/5be2b1ed55fd7259dfdf2c82e7701dba407b8b62"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/wagtail/wagtail/commit/bc84bf9815610cfbf8db3b6050c7ddcbaa4b9713"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/wagtail/wagtail/commit/eefc3381d37b476791610e5d30594fae443f33af"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/wagtail/wagtail/commit/ff806ab173a504395fdfb3139eb0a29444ab4b91"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/wagtail/wagtail/releases/tag/v4.2.2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mitigation",
        "Vendor Advisory"
      ],
      "url": "https://github.com/wagtail/wagtail/security/advisories/GHSA-5286-f2rf-35c2"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-79"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.