Exploit
CVE-2023-29214

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') (CWE-95)

Published: Apr 12, 2023

CVSS 8.8 (High) / EPSS 0.07%

XWiki Commons are technical libraries common to several other top-level XWiki projects. Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki, leading to full access to the XWiki installation. The root cause is improper escaping of the included pages in the IncludedDocuments panel: the references of the included pages are interpolated into the panel's wiki markup without escaping, so a crafted title or reference can break out of the surrounding markup and inject a script macro that executes when the panel is rendered, with the rights of the panel's author rather than those of the editor who planted it. The problem has been patched in XWiki 14.4.7 and 14.10. Although the description opens with the XWiki Commons boilerplate, the affected artifact named in the GitHub advisory is org.xwiki.platform:xwiki-platform-panels-ui.
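The pattern behind this root cause, as an added example that is not XWiki's own IncludedDocuments panel code: a Velocity panel that interpolates document titles and references into xwiki/2.1 wiki markup, first unescaped (the vulnerable shape) and then escaped for the target syntax with XWiki's `$services.rendering.escape` script service. `$includedDocs` is an assumed variable standing in for however the real panel collects the included documents; the payload string mirrors the marker used in the vendor advisory.

```velocity
{{velocity}}
## Added illustration, not XWiki's actual panel source.
## A panel's content is wiki markup that the renderer parses AFTER Velocity has
## run, so whatever Velocity prints becomes markup. Script macros in a panel run
## with the rights of the panel's author (normally an administrator), so a payload
## that a low-privileged editor places in a document title or reference escalates
## to those rights once the panel renders it.
##
## $includedDocs: hypothetical list of com.xpn.xwiki.api.Document objects,
## the documents included by the page currently being viewed.

## --- Vulnerable pattern: attacker-controlled values dropped straight into a link ---
#foreach ($included in $includedDocs)
* [[$included.title>>$included.fullName]]
#end
## A document whose title is
##   ]]{{groovy}}println("Hello from Groovy in included document!"){{/groovy}}[[
## closes the link label, opens a Groovy macro that the renderer executes, and
## reopens a link so the rest of the line still parses cleanly.
{{/velocity}}

{{velocity}}
## --- Hardened pattern: escape every interpolated value for the syntax it will be parsed as ---
## $services.rendering.escape(text, syntax) escapes the characters that are
## significant in the given wiki syntax (for xwiki/2.1 it prefixes them with ~),
## so ]] , >> and {{ in a title can no longer terminate or open markup.
#set ($targetSyntax = $xcontext.doc.syntax)
#foreach ($included in $includedDocs)
#set ($label = $services.rendering.escape($included.title, $targetSyntax))
#set ($ref = $services.rendering.escape($included.fullName, $targetSyntax))
* [[$label>>$ref]]
#end
{{/velocity}}
```

The escaping must match the syntax the output is actually rendered in: HTML escaping (`$escapetool.xml`) would not help here, because the panel content is parsed as wiki syntax, where `{{groovy}}` is a macro call regardless of HTML entities.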

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Timeline

First Article

Feedly found the first article mentioning CVE-2023-29214.

Apr 12, 2023 at 8:37 PM / github.com
EPSS

EPSS Score was set to: 0.07% (Percentile: 28.8%)

Sep 19, 2023 at 4:47 AM

Affected Systems

Xwiki/xwiki

Exploits

https://jira.xwiki.org/browse/XWIKI-20306 (the XWiki project's own issue tracker entry for this bug, listed by inTheWild as the exploit reference; it is the fix-tracking issue rather than a standalone exploit)

Patches

Github Advisory

Attack Patterns

CAPEC-35: Leverage Executable Code in Non-Executable Files

Vendor Advisory

[GHSA-qx9h-c5v6-ghqh] org.xwiki.platform:xwiki-platform-panels-ui Eval Injection vulnerability
The root cause is improper escaping of the included pages in the IncludedDocuments panel. The advisory's proof of concept uses a document under the XWiki space whose injected Groovy prints the marker string "Hello from Groovy in included document!", confirming script execution from an included document.

News

Update Mon Jul 3 00:13:30 UTC 2023
Security Bulletin 3 May 2023 - Cyber Security Agency of Singapore
CVE-2023-29214 Exploit
CVE Id: CVE-2023-29214. Published Date: 2023-04-26T17:15:00+00:00 (NVD publication; the GitHub advisory was published Apr 12, 2023). Description as above. inTheWild added a link to an exploit: https://jira.xwiki.org/browse/XWIKI-20306
@RISK: The Consensus Security Vulnerability Alert: Vol. 23, Num. 16
CVE-2023-29511 - XWiki Platform allows any user with edit rights to execute arbitrary code and gain full access to the installation due to improper escaping of section ids; patched in versions 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11.
CVE-2023-29518 - XWiki Platform allows arbitrary code execution for any user with view rights due to improper escaping of `Invitation.InvitationCommon`; patched in recent versions.
CVE-2023-29214
Any user with edit rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. - CVSS Scores & Vulnerability Types

CVSS V3.1

Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High
