CVE-2023-29513

CVSS V2 None CVSS V3 None

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. If guest has view right on any document. It's possible to create a new user using the `distribution/firstadminuser.wiki` in the wrong context. This vulnerability has been patched in XWiki 15.0-rc-1 and 14.10.1. There is no known workaround other than upgrading.

Overview

CVE ID
CVE-2023-29513

Assigner
security-advisories@github.com

Vulnerability Status
Undergoing Analysis

Published Version
2023-04-19T00:15:08

Last Modified Date
2023-04-19T12:39:47

Weakness Enumerations

CWE	URL
CWE-284	http://cwe.mitre.org/data/definitions/284.html

References

Reference URL	Reference Tags
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-fp36-mjw5-fmgx
https://jira.xwiki.org/browse/XWIKI-19852
https://jira.xwiki.org/browse/XWIKI-20400

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-29513
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-29513

History

Created	Old Value	New Value	Data Type	Notes
2023-04-19 01:00:29				Added to TrackCVE
2023-04-19 01:00:31			Weakness Enumeration	new
2023-04-19 13:00:48		2023-04-19T12:39:47	CVE Modified Date	updated
2023-04-19 13:00:48	Received	Awaiting Analysis	Vulnerability Status	updated
2023-04-21 16:00:57	Awaiting Analysis	Undergoing Analysis	Vulnerability Status	updated