CVE-2023-46731
Remote code execution through the section parameter in Administration as guest in XWiki Platform
In short
XWiki Platform fails to escape the `section` URL parameter used when rendering administration sections, so anyone who can view the `XWiki.AdminSheet` document (by default everyone, including unauthenticated guests) can execute arbitrary server-side code, including Groovy, and fully compromise the wiki.
Technical detail
The vulnerability exists because the `section` URL parameter is not escaped before `XWiki.AdminSheet` uses it to display the selected administration section. It is reachable with an ordinary HTTP GET or POST request by any user who has view right on that document, which by default includes unauthenticated guests. By placing wiki markup in the parameter an attacker can have the server render and execute script macros, including Groovy, which affects the confidentiality, integrity and availability of the whole XWiki instance.
Summary generated and translated by AI from the official description.
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. XWiki doesn't properly escape the section URL parameter that is used in the code for displaying administration sections. This allows any user with read access to the document `XWiki.AdminSheet` (by default, everyone including unauthenticated users) to execute code including Groovy code. This impacts the confidentiality, integrity and availability of the whole XWiki instance. This vulnerability has been patched in XWiki 14.10.14, 15.6 RC1 and 15.5.1. Users are advised to upgrade. Users unable to upgrade may apply the fix in commit `fec8e0e53f9` manually. Alternatively, to protect against attacks from unauthenticated users, view right for guests can be removed from this document (it is only needed for space and wiki admins).
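Two checks a defender can run around this advisory, written as an added example for this page (not code from the advisory or from the XWiki project). The first decides whether an XWiki Platform version string is at or past one of the fixed releases named above (14.10.14, 15.5.1, 15.6 RC1) on its own release line; treating versions older than 14.10.14 and release lines newer than 15.6 as unfixed and fixed respectively is an assumption, since the page only names the three fixed versions. The second scans access-log lines (Apache/Tomcat combined log format assumed) for requests to the administration UI whose `section` parameter carries XWiki macro syntax such as `{{groovy}}` or `{{velocity}}`, which a legitimate administration link never contains. The URL path shapes matched (`/bin/admin/...` and `XWiki/AdminSheet`) and the log lines are constructed for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# --- 1. Is this XWiki Platform version past the fix? ---------------------------

# Accepts "14.10.14", "15.5.1", "15.6-rc-1", "15.6 RC1", "15.6-milestone-2", "15.6".
_VERSION = re.compile(
    r"(\d+)\.(\d+)(?:\.(\d+))?(?:[\s-]*(milestone|rc)[\s-]*(\d+))?", re.IGNORECASE
)


def parse_version(version):
    """Return a comparable tuple (major, minor, patch, pre).

    pre orders milestone < rc < final, matching XWiki's release sequence.
    """
    m = _VERSION.fullmatch(version.strip())
    if not m:
        raise ValueError(f"unrecognised XWiki version string: {version!r}")
    major, minor = int(m[1]), int(m[2])
    patch = int(m[3]) if m[3] else 0
    if m[4] is None:
        pre = (2, 0)                       # final release
    elif m[4].lower() == "rc":
        pre = (1, int(m[5]))               # release candidate
    else:
        pre = (0, int(m[5]))               # milestone
    return (major, minor, patch, pre)


def is_fixed(version):
    """True if `version` includes the fix for CVE-2023-46731.

    Fixed releases per the advisory: 14.10.14, 15.5.1 and 15.6 RC1.
    Assumptions (not stated on the page): lines before 14.10.14 are unfixed,
    lines after 15.6 carry the fix.
    """
    v = parse_version(version)
    major, minor = v[0], v[1]
    if major < 14:
        return False
    if major == 14:
        return v >= parse_version("14.10.14")
    if major == 15:
        if minor <= 4:
            return False
        if minor == 5:
            return v >= parse_version("15.5.1")
        return v >= parse_version("15.6-rc-1")
    return True


# --- 2. Detect macro syntax in the `section` parameter in access logs ----------

# Constructed sample, combined log format; the second and third lines carry
# wiki macro syntax in `section`, the last one targets a non-admin page.
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [10/Nov/2023:09:12:01 +0000] "GET /xwiki/bin/admin/XWiki/XWikiPreferences?section=Registration HTTP/1.1" 200 18342
203.0.113.9 - - [10/Nov/2023:09:12:05 +0000] "GET /xwiki/bin/admin/XWiki/XWikiPreferences?section=%7B%7Bgroovy%7D%7D...%7B%7B/groovy%7D%7D HTTP/1.1" 200 1201
203.0.113.9 - - [10/Nov/2023:09:12:09 +0000] "GET /xwiki/bin/view/XWiki/AdminSheet?section=%7B%7Bvelocity%7D%7D%24request%7B%7B/velocity%7D%7D HTTP/1.1" 200 1301
203.0.113.5 - - [10/Nov/2023:09:13:00 +0000] "GET /xwiki/bin/view/Main/WebHome?section=%7B%7Bgroovy%7D%7D HTTP/1.1" 200 5123
"""

_LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# Assumed path shapes for the administration UI and the sheet itself.
_ADMIN_PATH = re.compile(r"/bin/admin/|/XWiki/AdminSheet\b")
# Start of an XWiki 2.x macro: "{{name" or a closing "{{/name".
_MACRO_MARKER = re.compile(r"\{\{\s*/?[A-Za-z]")


def find_suspicious_admin_requests(lines):
    """Return one dict per request to an admin path whose `section` value
    contains macro syntax, after one and after two rounds of URL decoding
    (so a double-encoded probe is caught too)."""
    hits = []
    for line in lines:
        m = _LOG_LINE.match(line)
        if not m:
            continue
        parts = urlsplit(m["target"])
        if not _ADMIN_PATH.search(parts.path):
            continue
        for value in parse_qs(parts.query, keep_blank_values=True).get("section", []):
            if _MACRO_MARKER.search(value) or _MACRO_MARKER.search(unquote(value)):
                hits.append({"ip": m["ip"], "time": m["ts"],
                             "path": parts.path, "section": value})
    return hits


if __name__ == "__main__":
    for v in ("14.10.13", "14.10.14", "15.5", "15.5.1", "15.6-milestone-2", "15.6-rc-1"):
        print(f"{v:18} fixed={is_fixed(v)}")
    for hit in find_suspicious_admin_requests(SAMPLE_ACCESS_LOG.splitlines()):
        print(hit)
```

The log check only sees GET requests: parameters sent in a POST body never reach the access log, so absence of hits is not evidence of absence. Use it to triage exposure windows, then upgrade or remove guest view right on `XWiki.AdminSheet` as the advisory describes.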
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H (base score 10.0, Critical)
Affected products
xwiki · xwiki-platform
References
https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a
https://github.com/xwiki/xwiki-platform/commit/fec8e0e53f9fa2c3f1e568cc15b0e972727c803a#diff-6271f9be501f30b2ba55459eb451aee3413d34171ba8198a77c865306d174e23
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-62pr-qqf7-hh89
https://jira.xwiki.org/browse/XWIKI-21110