CVE-2022-29253
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE-22)
Published: May 25, 2022 / Updated: 30mo ago
010
CVSS 2.7EPSS 0.07%Low
CVE info copied to clipboard
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with version 8.3-rc-1 and prior to versions 12.10.3 and 14.0, one can ask for any file located in the classloader using the template API and a path with ".." in it. The issue is patched in versions 14.0 and 13.10.3. There is no easy workaround for this issue.
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N
Timeline
First Article
Feedly found the first article mentioning CVE-2022-29253. See article
May 25, 2022 at 9:06 PM / twitter.com
EPSS
EPSS Score was set to: 0.07% (Percentile: 28.5%)
Oct 2, 2023 at 9:11 AM
Affected Systems
Xwiki/xwiki
+null more
Patches
Github Advisory
+null more
Attack Patterns
CAPEC-126: Path Traversal
+null more
Vendor Advisory
Path Traversal in XWiki Platform
Package Information There's no easy workaround for this issue, administrators should upgrade their wiki.
News
🚨 NEW: CVE-2022-29253 🚨 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with version 8.3-rc-1 and prior to versions 12.10.3 and 14.0, one can ask fo... (click for more) Severity: LOW https://nvd.nist.gov/vuln/detail/CVE-2022-29253
🚨 NEW: CVE-2022-29253 🚨 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with version 8.3-rc-1 and prior to versions 12.10.3 and 14.0, one can ask fo... (click for more) Severity: LOW nvd.nist.gov/vuln/detail/CVE…
Path Traversal in XWiki Platform
Package Information There's no easy workaround for this issue, administrators should upgrade their wiki.
CVE-2022-29253
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with version 8.3-rc-1 and prior to versions 12.10.3 and 14.0, one can ask for any file located in the classloader using the template API and a path with “..” in it. The issue is patched in versions 14.0 and 13.10.3. There is no easy workaround for this issue. Read More
🚨 NEW: CVE-2022-29253 🚨 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with version 8.3-rc-1 and prior to versions 12.10.3 and 14.0, one can ask fo... (click for more) https://nvd.nist.gov/vuln/detail/CVE-2022-29253
🚨 NEW: CVE-2022-29253 🚨 XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting with version 8.3-rc-1 and prior to versions 12.10.3 and 14.0, one can ask fo... (click for more) nvd.nist.gov/vuln/detail/CVE…
CVE-2022-29253 | XWiki Platform up to 8.3-rc1/12.10.3/13.10.2 Template API path traversal (GHSA-9qrp-h7fw-42hg)
A vulnerability classified as problematic was found in XWiki Platform up to 8.3-rc1/12.10.3/13.10.2. This vulnerability affects unknown code of the component Template API . The manipulation leads to directory traversal. This vulnerability was named CVE-2022-29253 . The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.
See 13 more articles and social media posts