CVE-2023-32069

CVSS V2 None CVSS V3 None

Description

XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-2 and prior to versions 14.10.4 and 15.0-rc-1, it's possible for a user to execute anything with the right of the author of the XWiki.ClassSheet document. This has been patched in XWiki 15.0-rc-1 and 14.10.4. There are no known workarounds.

Overview

CVE ID
CVE-2023-32069

Assigner
security-advisories@github.com

Vulnerability Status
Received

Published Version
2023-05-09T16:15:15

Last Modified Date
2023-05-09T16:15:15

Weakness Enumerations

CWE	URL
CWE-863	http://cwe.mitre.org/data/definitions/863.html

References

Reference URL	Reference Tags
https://github.com/xwiki/xwiki-platform/commit/de72760d4a3e1e9be64a10660a0c19e9534e2ec4
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-36fm-j33w-c25f
https://jira.xwiki.org/browse/XWIKI-20566

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2023-32069
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-32069

History

Created	Old Value	New Value	Data Type	Notes
2023-05-09 17:02:37				Added to TrackCVE
2023-05-09 17:02:39			Weakness Enumeration	new