XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulnerability other than upgrading.
References
Link | Resource |
---|---|
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vpx4-7rfp-h545 | Exploit Vendor Advisory |
https://jira.xwiki.org/browse/XWIKI-19523 | Exploit Issue Tracking Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-03-02T18:17:09.152Z
Updated: 2023-03-02T18:17:09.152Z
Reserved: 2023-02-23T23:22:58.573Z
Link: CVE-2023-26473
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-03-02T19:15:11.313
Modified: 2023-03-13T16:54:44.297
Link: CVE-2023-26473
JSON object: View
Redhat Information
No data.