CVE-2022-23622 - OpenCVE

Vendors	Products
Xwiki	Xwiki

Link	Resource
https://github.com/xwiki/xwiki-platform/commit/053d957d53f2a543d158f3ab651e390d2728e0b9	Patch Third Party Advisory
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx6h-936c-vrrr	Third Party Advisory
https://jira.xwiki.org/browse/XWIKI-19291	Patch Vendor Advisory

{"containers": {"cna": {"affected": [{"product": "xwiki-platform", "vendor": "xwiki", "versions": [{"status": "affected", "version": ">= 2.6.1, < 12.10.11"}, {"status": "affected", "version": ">= 13.0.0, < 13.4.7"}, {"status": "affected", "version": ">= 13.10.0, < 13.10.3"}]}], "descriptions": [{"lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting (XSS) vector in the `registerinline.vm` template related to the `xredirect` hidden field. This template is only used in the following conditions: 1. The wiki must be open to registration for anyone. 2. The wiki must be closed to view for Guest users or more specifically the XWiki.Registration page must be forbidden in View for guest user. A way to obtain the second condition is when administrators checked the \"Prevent unregistered users from viewing pages, regardless of the page rights\" box in the administration rights. This issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. There are two main ways for protecting against this vulnerability, the easiest and the best one is by applying a patch in the `registerinline.vm` template, the patch consists in checking the value of the xredirect field to ensure it matches: `<input type=\"hidden\" name=\"xredirect\" value=\"$escapetool.xml($!request.xredirect)\" />`. If for some reason it's not possible to patch this file, another workaround is to ensure \"Prevent unregistered users from viewing pages, regardless of the page rights\" is not checked in the rights and apply a better right scheme using groups and rights on spaces."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-02-09T21:40:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx6h-936c-vrrr"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/xwiki/xwiki-platform/commit/053d957d53f2a543d158f3ab651e390d2728e0b9"}, {"tags": ["x_refsource_MISC"], "url": "https://jira.xwiki.org/browse/XWIKI-19291"}], "source": {"advisory": "GHSA-gx6h-936c-vrrr", "discovery": "UNKNOWN"}, "title": "Cross site scripting in registration template in xwiki-platform", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-23622", "STATE": "PUBLIC", "TITLE": "Cross site scripting in registration template in xwiki-platform"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "xwiki-platform", "version": {"version_data": [{"version_value": ">= 2.6.1, < 12.10.11"}, {"version_value": ">= 13.0.0, < 13.4.7"}, {"version_value": ">= 13.10.0, < 13.10.3"}]}}]}, "vendor_name": "xwiki"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting (XSS) vector in the `registerinline.vm` template related to the `xredirect` hidden field. This template is only used in the following conditions: 1. The wiki must be open to registration for anyone. 2. The wiki must be closed to view for Guest users or more specifically the XWiki.Registration page must be forbidden in View for guest user. A way to obtain the second condition is when administrators checked the \"Prevent unregistered users from viewing pages, regardless of the page rights\" box in the administration rights. This issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. There are two main ways for protecting against this vulnerability, the easiest and the best one is by applying a patch in the `registerinline.vm` template, the patch consists in checking the value of the xredirect field to ensure it matches: `<input type=\"hidden\" name=\"xredirect\" value=\"$escapetool.xml($!request.xredirect)\" />`. If for some reason it's not possible to patch this file, another workaround is to ensure \"Prevent unregistered users from viewing pages, regardless of the page rights\" is not checked in the rights and apply a better right scheme using groups and rights on spaces."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx6h-936c-vrrr", "refsource": "CONFIRM", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx6h-936c-vrrr"}, {"name": "https://github.com/xwiki/xwiki-platform/commit/053d957d53f2a543d158f3ab651e390d2728e0b9", "refsource": "MISC", "url": "https://github.com/xwiki/xwiki-platform/commit/053d957d53f2a543d158f3ab651e390d2728e0b9"}, {"name": "https://jira.xwiki.org/browse/XWIKI-19291", "refsource": "MISC", "url": "https://jira.xwiki.org/browse/XWIKI-19291"}]}, "source": {"advisory": "GHSA-gx6h-936c-vrrr", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-23622", "datePublished": "2022-02-09T21:40:10", "dateReserved": "2022-01-19T00:00:00", "dateUpdated": "2022-02-09T21:40:10", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4739F1E-1CC5-41FC-A93D-08807DEF75CA", "versionEndIncluding": "12.10.10", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "5C2AF753-69A0-4B05-87BF-A3020F544A1C", "versionEndIncluding": "13.4.6", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:13.10:*:*:*:*:*:*:*", "matchCriteriaId": "79E24FC2-CB28-4A00-AB05-D7068C8D8D39", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:13.10.1:*:*:*:*:*:*:*", "matchCriteriaId": "D1873519-3D31-4D0E-B442-597962CB2ED7", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:13.10.2:*:*:*:*:*:*:*", "matchCriteriaId": "557EAEC1-CDFD-41A8-A609-28049D999AB6", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:14.0:*:*:*:*:*:*:*", "matchCriteriaId": "8464428C-4BC2-49F9-9040-5D98E7C0B776", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions there is a cross site scripting (XSS) vector in the `registerinline.vm` template related to the `xredirect` hidden field. This template is only used in the following conditions: 1. The wiki must be open to registration for anyone. 2. The wiki must be closed to view for Guest users or more specifically the XWiki.Registration page must be forbidden in View for guest user. A way to obtain the second condition is when administrators checked the \"Prevent unregistered users from viewing pages, regardless of the page rights\" box in the administration rights. This issue is patched in versions 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. There are two main ways for protecting against this vulnerability, the easiest and the best one is by applying a patch in the `registerinline.vm` template, the patch consists in checking the value of the xredirect field to ensure it matches: `<input type=\"hidden\" name=\"xredirect\" value=\"$escapetool.xml($!request.xredirect)\" />`. If for some reason it's not possible to patch this file, another workaround is to ensure \"Prevent unregistered users from viewing pages, regardless of the page rights\" is not checked in the rights and apply a better right scheme using groups and rights on spaces."}, {"lang": "es", "value": "XWiki Platform es una plataforma wiki gen\u00e9rica que ofrece servicios de ejecuci\u00f3n para las aplicaciones construidas sobre ella. En las versiones afectadas se presenta un vector de tipo cross site scripting (XSS) en la plantilla \"registerinline.vm\" relacionado con el campo oculto \"xredirect\". Esta plantilla s\u00f3lo es usada en las siguientes condiciones 1. El wiki debe estar abierto al registro para cualquiera. 2. El wiki debe estar cerrado a la visualizaci\u00f3n para usuarios invitados o, m\u00e1s concretamente, la p\u00e1gina XWiki.Registration debe estar prohibida en View para usuarios invitados. Una forma de obtener la segunda condici\u00f3n es cuando los administradores marcan la casilla \"Prevent unregistered users from viewing pages, regardless of the page rights\" en los derechos de administraci\u00f3n. Este problema est\u00e1 parcheado en las versiones 12.10.11, 14.0-rc-1, 13.4.7, 13.10.3. Se presentan dos formas principales de protegerse contra esta vulnerabilidad, la m\u00e1s f\u00e1cil y la mejor es aplicando un parche en la plantilla \"registerinline.vm\", el parche consiste en comprobar el valor del campo xredirect para asegurarse de que coincide: \"(input type=\"hidden\" name=\"xredirect\" value=\"$escapetool.xml($!request.xredirect)\" /)\". Si por alguna raz\u00f3n no es posible parchear este archivo, otra medida de mitigaci\u00f3n es asegurarse de que la opci\u00f3n \"Prevent unregistered users from viewing pages, regardless of the page rights\" no est\u00e9 marcada en los derechos y aplicar un mejor esquema de derechos usando grupos y derechos en los espacios"}], "id": "CVE-2022-23622", "lastModified": "2022-02-15T20:46:04.383", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-02-09T22:15:07.540", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/xwiki/xwiki-platform/commit/053d957d53f2a543d158f3ab651e390d2728e0b9"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gx6h-936c-vrrr"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://jira.xwiki.org/browse/XWIKI-19291"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Primary"}]}

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

JSON object

JSON object

JSON object