Privilege escalation (PR)/RCE from account through AWM view sheet

Critical
tmortagne published GHSA-jgrg-qvpp-9vwr Apr 18, 2023

Package

maven org.xwiki.platform:xwiki-platform-appwithinminutes-ui (Maven)

Affected versions

>= 8.2-milestone-2, >= 7.4.4

Patched versions

14.10.3, 15.0-rc-1

Description

Impact

Steps to reproduce:

  1. As a user without script or programming right, edit your user profile (or any other document) with the wiki editor and add the content {{groovy}}println("Hello " + "from Groovy!"){{/groovy}}
  2. Edit the document with the object editor and add an object of type AppWithinMinutes.LiveTableClass (no values need to be set, just save)
  3. View the document
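A defender-side audit check for this issue, added here as an example and not part of the advisory or of XWiki itself: it scans a XAR-style document export for the combination the reproduction steps describe (a script macro in the content plus an AppWithinMinutes.LiveTableClass object) so an administrator can list documents to review before or after upgrading to a patched version. The `<xwikidoc>`, `<content>`, `<object>` and `<className>` element names are assumed from the XAR export layout; the two sample documents are constructed.

```python
import re
import xml.etree.ElementTree as ET

# Script macros that would run with the sheet author's rights when the
# AWM view sheet renders the document content (groovy is the one in the advisory).
SCRIPT_MACRO_RE = re.compile(r"\{\{\s*(groovy|python|velocity)\b", re.IGNORECASE)
LIVETABLE_CLASS = "AppWithinMinutes.LiveTableClass"

def audit_xwikidoc(xml_text):
    """Flag a document export that carries both a script macro in its content
    and an AppWithinMinutes.LiveTableClass object; return None when clean.

    Assumption: the XAR-style <xwikidoc> layout, where <content> holds the
    wiki markup and every <object> element has a <className> child.
    """
    root = ET.fromstring(xml_text)
    content = root.findtext("content") or ""
    macros = sorted({m.group(1).lower() for m in SCRIPT_MACRO_RE.finditer(content)})
    has_livetable = any(
        (obj.findtext("className") or "") == LIVETABLE_CLASS
        for obj in root.iter("object")
    )
    if not (macros and has_livetable):
        return None
    return {
        "document": f"{root.findtext('web')}.{root.findtext('name')}",
        "content_author": root.findtext("contentAuthor"),
        "macros": macros,
    }

# Constructed sample exports (not real XWiki data): the first mirrors the
# advisory's reproduction steps, the second is an ordinary user profile.
SUSPECT_DOC = """<xwikidoc>
<web>XWiki</web><name>jdoe</name><contentAuthor>XWiki.jdoe</contentAuthor>
<content>{{groovy}}println("Hello " + "from Groovy!"){{/groovy}}</content>
<object><className>AppWithinMinutes.LiveTableClass</className></object>
</xwikidoc>"""

CLEAN_DOC = """<xwikidoc>
<web>XWiki</web><name>asmith</name><contentAuthor>XWiki.asmith</contentAuthor>
<content>Just a profile page, no macros.</content>
<object><className>XWiki.XWikiUsers</className></object>
</xwikidoc>"""

if __name__ == "__main__":
    for doc in (SUSPECT_DOC, CLEAN_DOC):
        print(audit_xwikidoc(doc))
```

Run it over each document XML in a wiki export; a hit means the content author should be checked against the script and programming rights actually granted to that account.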

Patches

The vulnerability has been patched in XWiki 15.0-rc-1 and 14.10.3.

Workarounds

There is no known workaround.

References

https://jira.xwiki.org/browse/XWIKI-20423

For more information

If you have any questions or comments about this advisory:

Severity

Critical 9.9 / 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
Low
User interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

CVE ID

CVE-2023-29527

Weaknesses