{ "schema_version": "1.4.0", "id": "GHSA-3738-p9x3-mv9r", "modified": "2023-03-03T22:48:40Z", "published": "2023-03-03T22:48:40Z", "aliases": [ "CVE-2023-26474" ], "summary": "XWiki Platform vulnerable to privilege escalation via properties with wiki syntax that are executed with wrong author", "details": "### Impact\n\nIt's possible to use the right of an existing document content author to execute a text area property.\n\nTo reproduce:\n\n* As an admin with programming rights, create a new user without script or programming right.\n* Login with the freshly created user.\n* Insert the following text in source mode in the about section:\n```\n {{groovy}}println(\"hello from groovy!\"){{/groovy}}\n```\n* Click \"Save & View\"\n\n### Patches\n\nThis has been patched in XWiki 14.10, 14.4.7, and 13.10.11.\n\n### Workarounds\n\nNo known workaround.\n\n### References\nhttps://jira.xwiki.org/browse/XWIKI-20373\n\n### For more information\nIf you have any questions or comments about this advisory:\n\n* Open an issue in [Jira](http://jira.xwiki.org/)\n* Email us at [Security ML](mailto:security@xwiki.org)", "severity": [ { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H" } ], "affected": [ { "package": { "ecosystem": "Maven", "name": "org.xwiki.platform:xwiki-platform-oldcore" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "13.10" }, { "fixed": "13.10.11" } ] } ] }, { "package": { "ecosystem": "Maven", "name": "org.xwiki.platform:xwiki-platform-legacy-oldcore" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "13.10" }, { "fixed": "13.10.11" } ] } ] }, { "package": { "ecosystem": "Maven", "name": "org.xwiki.platform:xwiki-platform-oldcore" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "14.0" }, { "fixed": "14.4.7" } ] } ] }, { "package": { "ecosystem": "Maven", "name": "org.xwiki.platform:xwiki-platform-legacy-oldcore" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "14.0" }, { "fixed": "14.4.7" } ] } ] }, { "package": { "ecosystem": "Maven", "name": "org.xwiki.platform:xwiki-platform-oldcore" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "14.5" }, { "fixed": "14.10" } ] } ] }, { "package": { "ecosystem": "Maven", "name": "org.xwiki.platform:xwiki-platform-legacy-oldcore" }, "ranges": [ { "type": "ECOSYSTEM", "events": [ { "introduced": "14.5" }, { "fixed": "14.10" } ] } ] } ], "references": [ { "type": "WEB", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-3738-p9x3-mv9r" }, { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-26474" }, { "type": "PACKAGE", "url": "https://github.com/xwiki/xwiki-platform" }, { "type": "WEB", "url": "https://jira.xwiki.org/browse/XWIKI-20373" } ], "database_specific": { "cwe_ids": [ "CWE-284" ], "severity": "CRITICAL", "github_reviewed": true, "github_reviewed_at": "2023-03-03T22:48:40Z", "nvd_published_at": "2023-03-02T19:15:00Z" } }