XWiki Commons are technical libraries common to several other top level XWiki projects. It was possible to inject some code using the URL of authenticated endpoints. This problem has been patched on XWiki 13.10.11, 14.4.7 and 14.10.
References
Link | Resource |
---|---|
https://github.com/xwiki/xwiki-platform/commit/1943ea26c967ef868fb5f67c487d98d97cba0380 | Patch |
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jjm5-5v9v-7hx2 | Exploit Patch Vendor Advisory |
https://jira.xwiki.org/browse/XWIKI-20335 | Exploit Issue Tracking |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-04-16T06:49:51.376Z
Updated: 2023-04-16T06:49:51.376Z
Reserved: 2023-04-07T18:56:54.625Z
Link: CVE-2023-29506
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-04-16T07:15:53.123
Modified: 2023-04-26T17:45:03.267
Link: CVE-2023-29506
JSON object: View
Redhat Information
No data.
CWE