CVE-2023-50721

Improper Control of Generation of Code ('Code Injection') (CWE-94)

Published: Dec 15, 2023 / Updated: 11mo ago

CVSS 9.9 / EPSS 0.06% / Critical

The search administration interface doesn't properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax containing script macros including Groovy macros that allow remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki instance. This attack can be executed by any user who can edit some wiki page like the user's profile (editable by default) as user interface extensions that will be displayed in the search administration can be added on any document by any user. To reproduce, edit any document with the object editor, add an object of type XWiki.UIExtensionClass, set "Extension Point Id" to org.xwiki.platform.search, set "Extension ID" to {{async}}{{groovy}}services.logging.getLogger("attacker").error("Attack from extension id succeeded!"){{/groovy}}{{/async}}, set "Extension Parameters" to label={{async}}{{groovy}}services.logging.getLogger("attacker").error("Attack from label succeeded!"){{/groovy}}{{/async}} and "Extension Scope" to "Current User". Then open the page XWiki.SearchAdmin, e.g., on http://localhost:8080/xwiki/bin/view/XWiki/SearchAdmin. If there are error log messages in XWiki's log that announce that attacks succeeded, the instance is vulnerable.
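The description above spells out what makes the bug exploitable: a search user interface extension can be added on any page by any user, and the SearchAdmin page renders its id and label unescaped. The following added detection example (not XWiki's code and not from the advisory) walks a constructed, flattened list of XWiki.UIExtensionClass objects and flags those bound to the search extension point whose id or label parameter carries XWiki macro syntax; the UIExtension class and the sample objects are assumptions made for the example.

```python
import re
from dataclasses import dataclass

# Extension point the SearchAdmin page renders (named in the advisory).
SEARCH_EXTENSION_POINT = "org.xwiki.platform.search"
# XWiki 2.x macro markers such as {{groovy}}, {{/groovy}} or {{async}}.
MACRO_RE = re.compile(r"\{\{\s*/?\s*[A-Za-z0-9_-]+")


@dataclass
class UIExtension:
    """Hypothetical flat view of an XWiki.UIExtensionClass object (constructed)."""
    document: str            # page holding the object, e.g. a user's profile page
    extension_point_id: str  # "Extension Point Id" field
    extension_id: str        # "Extension ID" field
    parameters: str          # "Extension Parameters" field, one key=value per line
    scope: str = "wiki"      # "Extension Scope" field (assumed value names)


def parse_parameters(raw):
    """Split the key=value lines of the parameters field into a dict."""
    params = {}
    for line in raw.splitlines():
        if "=" in line:
            key, value = line.split("=", 1)
            params[key.strip()] = value.strip()
    return params


def find_injected_search_extensions(extensions):
    """Return (document, field, value) for search UI extensions whose id or
    label contains macro syntax; an unescaped SearchAdmin page would execute it."""
    findings = []
    for ext in extensions:
        if ext.extension_point_id != SEARCH_EXTENSION_POINT:
            continue
        label = parse_parameters(ext.parameters).get("label", "")
        for field_name, value in (("id", ext.extension_id), ("label", label)):
            if MACRO_RE.search(value):
                findings.append((ext.document, field_name, value))
    return findings


# Constructed sample: a benign extension, one carrying the advisory's id payload
# plus a macro in its label, and one on an unrelated extension point.
SAMPLE = [
    UIExtension("XWiki.SearchAdmin", SEARCH_EXTENSION_POINT, "solr", "label=Solr search"),
    UIExtension("XWiki.SomeUser", SEARCH_EXTENSION_POINT,
                '{{async}}{{groovy}}services.logging.getLogger("attacker")'
                '.error("Attack from extension id succeeded!"){{/groovy}}{{/async}}',
                "label={{async}}{{groovy}}println 'x'{{/groovy}}{{/async}}", "user"),
    UIExtension("XWiki.Other", "org.xwiki.platform.menu", "{{velocity}}x{{/velocity}}", ""),
]

if __name__ == "__main__":
    for doc, field_name, value in find_injected_search_extensions(SAMPLE):
        print(f"{doc}: macro syntax in extension {field_name}: {value[:40]}...")
```

Run against a real export of UIExtensionClass objects, the same check gives a quick inventory of search extensions that need review before or after patching SearchAdmin.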

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Timeline

CVE Assignment

NVD published the first details for CVE-2023-50721

Dec 15, 2023 at 11:15 AM
Vendor Advisory

GitHub Advisories released a security advisory.

Dec 15, 2023 at 4:26 PM
First Article

Feedly found the first article mentioning CVE-2023-50721.

Dec 15, 2023 at 7:58 PM / Vulners.com RSS Feed
EPSS

EPSS Score was set to: 0.06% (Percentile: 26.5%)

Dec 16, 2023 at 2:39 PM
Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (996357)

Dec 18, 2023 at 12:00 AM

Affected Systems

Xwiki/xwiki

Patches

Github Advisory

Attack Patterns

CAPEC-242: Code Injection

Vendor Advisory

[GHSA-7654-vfh6-rw6x] Remote code execution from account through SearchAdmin
This attack can be executed by any user who can edit some wiki page like the user's profile (editable by default) as user interface extensions that will be displayed in the search administration can be added on any document by any user. The search administration interface doesn't properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax containing script macros including Groovy macros that allow remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki instance.

News

XWiki Platform RCE from account through SearchAdmin: XWiki Platform is a generi...
This attack can be executed by any user who can edit some wiki page like the user's profile (editable by default) as user interface extensions that will be displayed in the search administration can be added on any document by any user. As a workaround, the patch can be applied manually to the page `XWiki.SearchAdmin`.
CPAI-2023-1523
The post CPAI-2023-1523 appeared first on Check Point Software .
Security Bulletin 20 Dec 2023 - Cyber Security Agency of Singapore
Security Bulletin 20 Dec 2023 Cyber Security Agency of Singapore
Multiple vulnerabilities in XWiki platform
CVE-2023-50721 | XWiki Platform Search Administration Interface code injection (GHSA-7654-vfh6-rw6x)
A vulnerability was found in XWiki Platform and classified as critical. This issue affects some unknown processing of the component Search Administration Interface. The manipulation leads to code injection. The identification of this vulnerability is CVE-2023-50721. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:Low
User Interaction:None
Scope:Changed
Confidentiality:High
Integrity:High
Availability Impact:High
