SB2023121841 - Multiple vulnerabilities in XWiki platform
Published: December 18, 2023
Description
This security bulletin contains information about 5 security vulnerabilities.
1) Code Injection (CVE-ID: CVE-2023-50723)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation. A remote user with the ability to edit a wiki page can inject and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
2) Information disclosure (CVE-ID: CVE-2023-50720)
The vulnerability allows a remote user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the Solr-based search in XWiki. A remote user can obtain email addresses of other web application users even when obfuscation of email addresses is enabled.
3) Code Injection (CVE-ID: CVE-2023-50721)
The vulnerability allows a remote user to execute arbitrary code on the target system.
The vulnerability exists due to improper input validation within the search administration interface. A remote privileged user can send a specially crafted request and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
4) Information disclosure (CVE-ID: CVE-2023-50719)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists because the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. A remote attacker can gain unauthorized access to sensitive information.
5) Cross-site scripting (CVE-ID: CVE-2023-50722)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in XWiki.ConfigurableClass. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
Remediation
Install the update from the vendor's website.
References
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qj86-p74r-7wp5
- https://github.com/xwiki/xwiki-platform/commit/0f367aaae4e0696f61cf5a67a75edd27d1d16db6
- https://github.com/xwiki/xwiki-platform/commit/1157c1ecea395aac7f64cd8a6f484b1225416dc7
- https://github.com/xwiki/xwiki-platform/commit/749f6aee1bfbcf191c3734ea0aa9eba3aa63240e
- https://github.com/xwiki/xwiki-platform/commit/bd82be936c21b65dee367d558e3050b9b6995713
- https://jira.xwiki.org/browse/XWIKI-21121
- https://jira.xwiki.org/browse/XWIKI-21122
- https://jira.xwiki.org/browse/XWIKI-21194
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2grh-gr37-2283
- https://github.com/xwiki/xwiki-platform/commit/3e5272f2ef0dff06a8f4db10afd1949b2f9e6eea
- https://jira.xwiki.org/browse/XWIKI-20371
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7654-vfh6-rw6x
- https://github.com/xwiki/xwiki-platform/commit/62863736d78ffd60d822279c5fb7fb9593042766
- https://jira.xwiki.org/browse/XWIKI-21200
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-p6cp-6r35-32mh
- https://jira.xwiki.org/browse/XWIKI-21208
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cp3j-273x-3jxc
- https://github.com/xwiki/xwiki-platform/commit/5e14c8d08fd0c5b619833d35090b470aa4cb52b0
- https://jira.xwiki.org/browse/XWIKI-21167