CVE-2023-37912 - OpenCVE

XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` and `org.xwiki.platform:xwiki-rendering-macro-footnotes` and prior to version 15.1-rc-1 of `org.xwiki.platform:xwiki-rendering-macro-footnotes`, the footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.6 and 15.1-rc-1. There is no workaround apart from upgrading to a fixed version of the footnote macro.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Xwiki	Xwiki-rendering

Configuration 1 [-]

OR	cpe:2.3:a:xwiki:xwiki-rendering::::::::
	cpe:2.3:a:xwiki:xwiki-rendering:15.0:rc1::::::

References

Link	Resource
https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e	Patch
https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5	Patch Vendor Advisory
https://jira.xwiki.org/browse/XRENDERING-688	Exploit Issue Tracking Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2023-10-25T17:33:54.756Z

Updated: 2023-10-25T17:33:54.756Z

Reserved: 2023-07-10T17:51:29.611Z

Link: CVE-2023-37912

JSON object: View

NVD Information

Status : Analyzed

Published: 2023-10-25T18:17:28.613

Modified: 2023-10-31T18:48:07.620

Link: CVE-2023-37912

JSON object: View

Redhat Information

No data.

CWE

{"dataType": "CVE_RECORD", "dataVersion": "5.0", "cveMetadata": {"cveId": "CVE-2023-37912", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-07-10T17:51:29.611Z", "datePublished": "2023-10-25T17:33:54.756Z", "dateUpdated": "2023-10-25T17:33:54.756Z"}, "containers": {"cna": {"title": "XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro", "problemTypes": [{"descriptions": [{"cweId": "CWE-270", "lang": "en", "description": "CWE-270: Privilege Context Switching Error", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5"}, {"name": "https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e", "tags": ["x_refsource_MISC"], "url": "https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e"}, {"name": "https://jira.xwiki.org/browse/XRENDERING-688", "tags": ["x_refsource_MISC"], "url": "https://jira.xwiki.org/browse/XRENDERING-688"}], "affected": [{"vendor": "xwiki", "product": "xwiki-rendering", "versions": [{"version": "< 14.10.6", "status": "affected"}, {"version": ">= 15.0-rc-1, < 15.1-rc-1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-25T17:33:54.756Z"}, "descriptions": [{"lang": "en", "value": "XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` and `org.xwiki.platform:xwiki-rendering-macro-footnotes` and prior to version 15.1-rc-1 of `org.xwiki.platform:xwiki-rendering-macro-footnotes`, the footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.6 and 15.1-rc-1. There is no workaround apart from upgrading to a fixed version of the footnote macro."}], "source": {"advisory": "GHSA-35j5-m29r-xfq5", "discovery": "UNKNOWN"}}}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xwiki:xwiki-rendering:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4B6A2C8-AE24-40DE-85A2-1817E80B2AB3", "versionEndExcluding": "14.10.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki-rendering:15.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EC768826-FE19-4153-B72C-A310E77E45DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` and `org.xwiki.platform:xwiki-rendering-macro-footnotes` and prior to version 15.1-rc-1 of `org.xwiki.platform:xwiki-rendering-macro-footnotes`, the footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.6 and 15.1-rc-1. There is no workaround apart from upgrading to a fixed version of the footnote macro."}, {"lang": "es", "value": "XWiki Rendering es un sistema de renderizado gen\u00e9rico que convierte la entrada de texto en una sintaxis determinada en otra sintaxis. Antes de la versi\u00f3n 14.10.6 de `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` y `org.xwiki.platform:xwiki-rendering-macro-footnotes` y antes de la versi\u00f3n 15.1-rc-1 de `org.xwiki.platform:xwiki-rendering-macro-footnotes`, la macro de nota al pie ejecut\u00f3 su contenido en un contexto potencialmente diferente a aquel en el que se defini\u00f3. En particular, en combinaci\u00f3n con la macro de inclusi\u00f3n, esto permite escalar privilegios desde una simple cuenta de usuario en XWiki hasta derechos de programaci\u00f3n y, por lo tanto, ejecuci\u00f3n remota de c\u00f3digo, lo que afecta la confidencialidad, integridad y disponibilidad de toda la instalaci\u00f3n de XWiki. Esta vulnerabilidad ha sido parcheada en XWiki 14.10.6 y 15.1-rc-1. No existe otro workaround aparte de actualizar a una versi\u00f3n fija de la macro de notas al pie."}], "id": "CVE-2023-37912", "lastModified": "2023-10-31T18:48:07.620", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2023-10-25T18:17:28.613", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://jira.xwiki.org/browse/XRENDERING-688"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-270"}], "source": "security-advisories@github.com", "type": "Secondary"}]}