CVE-2022-23620

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document references when serializing it on filesystem, it is possible to for the HTML export process to contain reference elements containing filesystem syntax like "../", "./". or "/" in general. The referenced elements are not properly escaped. This issue has been resolved in version 13.6-rc-1. This issue can be worked around by limiting or disabling document export.

CVSS v3 6.8 MEDIUM
CVSS v2.0 5.8 MEDIUM

6.8^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.0 / Impact : 5.3

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact LOW

Availability Impact HIGH

Scope CHANGED

5.8^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:M/Au:N/C:P/I:P/A:N

Exploitability : 8.6 / Impact : 4.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/xwiki/xwiki-platform/commit/ab778254fb8f71c774e1c1239368c44fe3b6bba5	Patch Third Party Advisory
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7ph6-5cmq-xgjq	Third Party Advisory
https://jira.xwiki.org/browse/XWIKI-18819	Patch Vendor Advisory
https://github.com/xwiki/xwiki-platform/commit/ab778254fb8f71c774e1c1239368c44fe3b6bba5	Patch Third Party Advisory
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7ph6-5cmq-xgjq	Third Party Advisory
https://jira.xwiki.org/browse/XWIKI-18819	Patch Vendor Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2022-02-09 22:15

Updated : 2024-11-21 06:48

NVD link : CVE-2022-23620

Mitre link : CVE-2022-23620

CVE.ORG link : CVE-2022-23620

JSON object : View

Products Affected

xwiki

xwiki

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-116

Improper Encoding or Escaping of Output

{"id": "CVE-2022-23620", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:H", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 5.3, "exploitabilityScore": 1.0}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.4, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "integrityImpact": "LOW", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 2.5, "exploitabilityScore": 2.8}]}, "published": "2022-02-09T22:15:07.420", "references": [{"url": "https://github.com/xwiki/xwiki-platform/commit/ab778254fb8f71c774e1c1239368c44fe3b6bba5", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7ph6-5cmq-xgjq", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://jira.xwiki.org/browse/XWIKI-18819", "tags": ["Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/xwiki/xwiki-platform/commit/ab778254fb8f71c774e1c1239368c44fe3b6bba5", "tags": ["Patch", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7ph6-5cmq-xgjq", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://jira.xwiki.org/browse/XWIKI-18819", "tags": ["Patch", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-116"}]}], "descriptions": [{"lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document references when serializing it on filesystem, it is possible to for the HTML export process to contain reference elements containing filesystem syntax like \"../\", \"./\". or \"/\" in general. The referenced elements are not properly escaped. This issue has been resolved in version 13.6-rc-1. This issue can be worked around by limiting or disabling document export."}, {"lang": "es", "value": "XWiki Platform es una plataforma wiki gen\u00e9rica que ofrece servicios de tiempo de ejecuci\u00f3n para las aplicaciones construidas sobre ella. En las versiones afectadas AbstractSxExportURLFactoryActionHandler#processSx no escapa nada de las referencias de los documentos SSX cuando los serializa en el sistema de ficheros, es posible que el proceso de exportaci\u00f3n HTML contenga elementos de referencia que contengan sintaxis del sistema de ficheros como \"../\", \"./\". o \"/\" en general. Los elementos referenciados no son escapados apropiadamente. Este problema ha sido resuelto en versi\u00f3n 13.6-rc-1. Este problema puede mitigarse limitando o deshabilitando la exportaci\u00f3n de documentos"}], "lastModified": "2024-11-21T06:48:57.067", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "768B0583-1A6C-4E1D-9061-9B39BBBF67AB", "versionEndIncluding": "13.6"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}