CVE-2024-38369 - OpenCVE

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The content of a document included using `{{include reference="targetdocument"/}}` is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the `include` macro. This vulnerability has been patched in XWiki 15.0 RC1 by making the default behavior safe.

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact Low

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Xwiki	Xwiki

Configuration 1 [-]

cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qcj3-wpgm-qpxh	Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-06-24T16:39:37.695Z

Updated: 2024-06-24T20:36:42.653Z

Reserved: 2024-06-14T14:16:16.466Z

Link: CVE-2024-38369

JSON object: View

NVD Information

Status : Analyzed

Published: 2024-06-24T17:15:10.593

Modified: 2024-06-26T14:47:05.077

Link: CVE-2024-38369

JSON object: View

Redhat Information

No data.

CWE

CWE-863

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-38369", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-06-14T14:16:16.466Z", "datePublished": "2024-06-24T16:39:37.695Z", "dateUpdated": "2024-06-24T20:36:42.653Z"}, "containers": {"cna": {"title": "XWiki programming rights may be inherited by inclusion ", "problemTypes": [{"descriptions": [{"cweId": "CWE-863", "lang": "en", "description": "CWE-863: Incorrect Authorization", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qcj3-wpgm-qpxh", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qcj3-wpgm-qpxh"}], "affected": [{"vendor": "xwiki", "product": "xwiki-platform", "versions": [{"version": ">= 1.5-milestone-2, < 15.0-rc-1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-24T16:39:37.695Z"}, "descriptions": [{"lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The content of a document included using `{{include reference=\"targetdocument\"/}}` is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the `include` macro. This vulnerability has been patched in XWiki 15.0 RC1 by making the default behavior safe.\n"}], "source": {"advisory": "GHSA-qcj3-wpgm-qpxh", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "xwiki", "product": "xwiki", "cpes": ["cpe:2.3:a:xwiki:xwiki:1.5-milestone-2:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "1.5-milestone-2", "status": "affected", "lessThan": "15.0-rc-1", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-24T20:32:07.791173Z", "id": "CVE-2024-38369", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-06-24T20:36:42.653Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "62462FC0-CC07-40F4-8DBE-9C12BBF4F99C", "versionEndExcluding": "15.0", "versionStartIncluding": "1.5", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The content of a document included using `{{include reference=\"targetdocument\"/}}` is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the `include` macro. This vulnerability has been patched in XWiki 15.0 RC1 by making the default behavior safe.\n"}, {"lang": "es", "value": "XWiki Platform es una plataforma wiki gen\u00e9rica que ofrece servicios de ejecuci\u00f3n para aplicaciones creadas sobre ella. El contenido de un documento incluido usando `{{include reference=\"targetdocument\"/}}` se ejecuta con el derecho del incluidor y no con el derecho de su autor. Esto significa que cualquier usuario capaz de modificar el documento de destino puede hacerse pasar por el autor del contenido que utiliz\u00f3 la macro \"incluir\". Esta vulnerabilidad se ha solucionado en XWiki 15.0 RC1 haciendo que el comportamiento predeterminado sea seguro."}], "id": "CVE-2024-38369", "lastModified": "2024-06-26T14:47:05.077", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-06-24T17:15:10.593", "references": [{"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-qcj3-wpgm-qpxh"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-863"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-863"}], "source": "security-advisories@github.com", "type": "Secondary"}]}