ghsa-f963-4cq8-2gw7
Vulnerability from github
Published
2024-08-19 21:49
Modified
2024-08-19 21:49
Severity ?
9.0 (Critical) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
9.4 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
9.4 (Critical) - CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H
Summary
In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them
Details
Impact
A user without script/programming right can trick a user with elevated rights to edit a content with a malicious payload using a WYSIWYG editor. The user with elevated rights is not warned beforehand that they are going to edit possibly dangerous content. The payload is executed at edit time.
Patches
This vulnerability has been patched in XWiki 15.10RC1.
Workarounds
No workaround. It is advised to upgrade to XWiki 15.10+.
References
- https://jira.xwiki.org/browse/XWIKI-20331
- https://jira.xwiki.org/browse/XWIKI-21311
- https://jira.xwiki.org/browse/XWIKI-21481
- https://jira.xwiki.org/browse/XWIKI-21482
- https://jira.xwiki.org/browse/XWIKI-21483
- https://jira.xwiki.org/browse/XWIKI-21484
- https://jira.xwiki.org/browse/XWIKI-21485
- https://jira.xwiki.org/browse/XWIKI-21486
- https://jira.xwiki.org/browse/XWIKI-21487
- https://jira.xwiki.org/browse/XWIKI-21488
- https://jira.xwiki.org/browse/XWIKI-21489
- https://jira.xwiki.org/browse/XWIKI-21490
For more information
If you have any questions or comments about this advisory: * Open an issue in Jira XWiki.org * Email us at Security Mailing List
Attribution
This vulnerability has been reported on Intigriti by @floerer
{
"affected": [
{
"package": {
"ecosystem": "Maven",
"name": "org.xwiki.platform:xwiki-platform-web-templates"
},
"ranges": [
{
"events": [
{
"introduced": "0"
},
{
"fixed": "15.10-rc-1"
}
],
"type": "ECOSYSTEM"
}
]
}
],
"aliases": [
"CVE-2024-43401"
],
"database_specific": {
"cwe_ids": [
"CWE-269",
"CWE-862"
],
"github_reviewed": true,
"github_reviewed_at": "2024-08-19T21:49:15Z",
"nvd_published_at": "2024-08-19T17:15:09Z",
"severity": "CRITICAL"
},
"details": "### Impact\n\nA user without script/programming right can trick a user with elevated rights to edit a content with a malicious payload using a WYSIWYG editor.\nThe user with elevated rights is not warned beforehand that they are going to edit possibly dangerous content.\nThe payload is executed at edit time.\n\n### Patches\n\nThis vulnerability has been patched in XWiki 15.10RC1.\n\n### Workarounds\n\nNo workaround. It is advised to upgrade to XWiki 15.10+.\n\n### References\n\n* https://jira.xwiki.org/browse/XWIKI-20331\n* https://jira.xwiki.org/browse/XWIKI-21311\n* https://jira.xwiki.org/browse/XWIKI-21481\n* https://jira.xwiki.org/browse/XWIKI-21482\n* https://jira.xwiki.org/browse/XWIKI-21483\n* https://jira.xwiki.org/browse/XWIKI-21484\n* https://jira.xwiki.org/browse/XWIKI-21485\n* https://jira.xwiki.org/browse/XWIKI-21486\n* https://jira.xwiki.org/browse/XWIKI-21487\n* https://jira.xwiki.org/browse/XWIKI-21488\n* https://jira.xwiki.org/browse/XWIKI-21489\n* https://jira.xwiki.org/browse/XWIKI-21490\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n* Open an issue in [Jira XWiki.org](https://jira.xwiki.org/)\n* Email us at [Security Mailing List](mailto:security@xwiki.org)\n\n### Attribution\n\nThis vulnerability has been reported on Intigriti by @floerer",
"id": "GHSA-f963-4cq8-2gw7",
"modified": "2024-08-19T21:49:15Z",
"published": "2024-08-19T21:49:15Z",
"references": [
{
"type": "WEB",
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f963-4cq8-2gw7"
},
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-43401"
},
{
"type": "PACKAGE",
"url": "https://github.com/xwiki/xwiki-platform"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-20331"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-21311"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-21481"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-21482"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-21483"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-21484"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-21485"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-21486"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-21487"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-21488"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-21489"
},
{
"type": "WEB",
"url": "https://jira.xwiki.org/browse/XWIKI-21490"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"type": "CVSS_V3"
},
{
"score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:P/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H",
"type": "CVSS_V4"
}
],
"summary": "In XWiki Platform, payloads stored in content is executed when a user with script/programming right edit them"
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.