CVE-2023-29507

CVSS V2 None CVSS V3 None

Description

XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of scripts since this author is used for checking rights. The problem has been patched in XWiki 14.10 and 14.4.7 by returning a safe script API.

Overview

CVE ID
CVE-2023-29507

Assigner
security-advisories@github.com

Vulnerability Status
Undergoing Analysis

Published Version
2023-04-16T07:15:53

Last Modified Date
2023-04-17T13:12:43

Weakness Enumerations

CWE	URL
CWE-648	http://cwe.mitre.org/data/definitions/648.html

References

Reference URL	Reference Tags
https://github.com/xwiki/xwiki-platform/commit/905cdd7c421dbf8c565557cdc773ab1aa9028f83
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pwfv-3cvg-9m4c
https://jira.xwiki.org/browse/XWIKI-20380

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-29507
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29507

History

Created	Old Value	New Value	Data Type	Notes
2023-04-17 04:49:03				Added to TrackCVE
2023-04-17 04:49:05			Weakness Enumeration	new
2023-04-17 14:01:52		2023-04-17T13:12:43	CVE Modified Date	updated
2023-04-17 14:01:52	Received	Awaiting Analysis	Vulnerability Status	updated
2023-04-20 15:01:16	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated