CVE-2022-41931

CVSS V2 None CVSS V3 None
Description
xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper neutralization of the macro parameters of the icon picker macro. The problem has been patched in XWiki 13.10.7, 14.5 and 14.4.2. Workarounds: The [patch](https://github.com/xwiki/xwiki-platform/commit/47eb8a5fba550f477944eb6da8ca91b87eaf1d01) can be manually applied by editing `IconThemesCode.IconPickerMacro` in the object editor. The whole document can also be replaced by the current version by importing the document from the XAR archive of a fixed version as the only changes to the document have been security fixes and small formatting changes.
Overview
  • CVE ID
  • CVE-2022-41931
  • Assigner
  • security-advisories@github.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2022-11-23T20:15:10
  • Last Modified Date
  • 2022-11-30T17:00:37
Weakness Enumerations
CWE URL
CWE-95 http://cwe.mitre.org/data/definitions/95.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* 1 OR 13.10.7
cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* 1 OR 14.0.0 14.4.2
cpe:2.3:a:xwiki:xwiki:6.4:milestone2:*:*:*:*:*:* 1 OR
cpe:2.3:a:xwiki:xwiki:6.4:milestone3:*:*:*:*:*:* 1 OR
cpe:2.3:a:xwiki:xwiki:14.4.3:*:*:*:*:*:*:* 1 OR
cpe:2.3:a:xwiki:xwiki:14.4.4:*:*:*:*:*:*:* 1 OR
References
Reference URL Reference Tags
https://jira.xwiki.org/browse/XWIKI-19805
https://github.com/xwiki/xwiki-platform/commit/47eb8a5fba550f477944eb6da8ca91b87eaf1d01
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5j7g-cf6r-g2h7
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-41931
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-41931
History
Created Old Value New Value Data Type Notes
2022-11-23 21:00:11 Added to TrackCVE
2022-12-07 18:02:28 2022-11-23T20:15Z 2022-11-23T20:15:10 CVE Published Date updated
2022-12-07 18:02:28 2022-11-30T17:00:37 CVE Modified Date updated
2022-12-07 18:02:28 Analyzed Vulnerability Status updated
2022-12-07 18:02:30 CPE Information updated