CVE-2021-21380 - OpenCVE

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rating Script Service expose an API to perform SQL requests without escaping the from and where search arguments. This might lead to an SQL script injection quite easily for any user having Script rights on XWiki. The problem has been patched in XWiki 12.9RC1. The only workaround besides upgrading XWiki would be to uninstall the Ratings API in XWiki from the Extension Manager.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:S/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Xwiki	Xwiki

Configuration 1 [-]

OR	cpe:2.3:a:xwiki:xwiki::::::::
	cpe:2.3:a:xwiki:xwiki:6.4:-::::::
	cpe:2.3:a:xwiki:xwiki:6.4:milestone3::::::
	cpe:2.3:a:xwiki:xwiki:6.4:rc1::::::

References

Link	Resource
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-79rg-7mv3-jrr5	Third Party Advisory
https://jira.xwiki.org/browse/XWIKI-17662	Issue Tracking Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-03-23T22:45:15

Updated: 2021-03-23T22:45:15

Reserved: 2020-12-22T00:00:00

Link: CVE-2021-21380

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-03-23T23:15:13.630

Modified: 2021-03-24T15:08:35.120

Link: CVE-2021-21380

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"containers": {"cna": {"affected": [{"product": "xwiki-platform", "vendor": "xwiki", "versions": [{"status": "affected", "version": "< 12.9"}]}], "descriptions": [{"lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rating Script Service expose an API to perform SQL requests without escaping the from and where search arguments. This might lead to an SQL script injection quite easily for any user having Script rights on XWiki. The problem has been patched in XWiki 12.9RC1. The only workaround besides upgrading XWiki would be to uninstall the Ratings API in XWiki from the Extension Manager."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-89", "description": "CWE-89 SQL Injection", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-03-23T22:45:15", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-79rg-7mv3-jrr5"}, {"tags": ["x_refsource_MISC"], "url": "https://jira.xwiki.org/browse/XWIKI-17662"}], "source": {"advisory": "GHSA-79rg-7mv3-jrr5", "discovery": "UNKNOWN"}, "title": "Rating Script Service expose XWiki to SQL injection", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-21380", "STATE": "PUBLIC", "TITLE": "Rating Script Service expose XWiki to SQL injection"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "xwiki-platform", "version": {"version_data": [{"version_value": "< 12.9"}]}}]}, "vendor_name": "xwiki"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rating Script Service expose an API to perform SQL requests without escaping the from and where search arguments. This might lead to an SQL script injection quite easily for any user having Script rights on XWiki. The problem has been patched in XWiki 12.9RC1. The only workaround besides upgrading XWiki would be to uninstall the Ratings API in XWiki from the Extension Manager."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-89 SQL Injection"}]}]}, "references": {"reference_data": [{"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-79rg-7mv3-jrr5", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-79rg-7mv3-jrr5"}, {"name": "https://jira.xwiki.org/browse/XWIKI-17662", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-17662"}]}, "source": {"advisory": "GHSA-79rg-7mv3-jrr5", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-21380", "datePublished": "2021-03-23T22:45:15", "dateReserved": "2020-12-22T00:00:00", "dateUpdated": "2021-03-23T22:45:15", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "8ED2FCAC-A009-4684-B9D0-F09DE16AD91D", "versionEndIncluding": "12.8", "versionStartIncluding": "6.4.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:6.4:-:*:*:*:*:*:*", "matchCriteriaId": "3E7F4275-7B1E-474A-BE3C-A6F169CD3CD5", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:6.4:milestone3:*:*:*:*:*:*", "matchCriteriaId": "34004E8E-213E-4D7F-A6BF-953A5A5C3CA6", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:6.4:rc1:*:*:*:*:*:*", "matchCriteriaId": "485ABFAB-BF8B-4093-9296-EA5F4AA4A804", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions of XWiki Platform (and only those with the Ratings API installed), the Rating Script Service expose an API to perform SQL requests without escaping the from and where search arguments. This might lead to an SQL script injection quite easily for any user having Script rights on XWiki. The problem has been patched in XWiki 12.9RC1. The only workaround besides upgrading XWiki would be to uninstall the Ratings API in XWiki from the Extension Manager."}, {"lang": "es", "value": "XWiki Platform es una plataforma wiki gen\u00e9rica que ofrece servicios en tiempo de ejecuci\u00f3n para aplicaciones creadas sobre ella. En las versiones afectadas de la plataforma XWiki (y solo aquellas con la API Ratings instalada), el Rating Script Service expone una API para llevar a cabo peticiones SQL sin escapar de los argumentos de b\u00fasqueda desde y d\u00f3nde. Esto podr\u00eda conllevar a una inyecci\u00f3n de Script SQL con bastante facilidad para cualquier usuario que tenga derechos de Script en XWiki. El problema ha sido parcheado en XWiki versi\u00f3n 12.9RC1. La \u00fanica soluci\u00f3n alternativa adem\u00e1s de actualizar XWiki ser\u00eda desinstalar la API Ratings en XWiki desde el Extension Manager"}], "id": "CVE-2021-21380", "lastModified": "2021-03-24T15:08:35.120", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 6.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-03-23T23:15:13.630", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-79rg-7mv3-jrr5"}, {"source": "security-advisories@github.com", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://jira.xwiki.org/browse/XWIKI-17662"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-89"}], "source": "security-advisories@github.com", "type": "Secondary"}]}