Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2023-50721

CRITICAL
Published 2023-12-15T19:02:46.076Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2023-50721. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
10.0
/10
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.384
probability
of exploitation in the wild

There is a 38.4% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.971
Higher than 97.1% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
CHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

XWiki Platform is a generic wiki platform. Starting in 4.5-rc-1 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the search administration interface doesn't properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax containing script macros including Groovy macros that allow remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki instance. This attack can be executed by any user who can edit some wiki page like the user's profile (editable by default) as user interface extensions that will be displayed in the search administration can be added on any document by any user. The necessary escaping has been added in XWiki 14.10.15, 15.5.2 and 15.7RC1. As a workaround, the patch can be applied manually applied to the page `XWiki.SearchAdmin`.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

xwiki

xwiki-platform

Affected Versions:

>= 4.5-rc-1, < 14.10.15 >= 15.0-rc-1, < 15.5.2 >= 15.6-rc-1, < 15.7-rc-1

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed CRITICAL

Remote code execution from account through SearchAdmin

GHSA-7654-vfh6-rw6x

Advisory Details

### Impact The search administration interface doesn't properly escape the id and label of search user interface extensions, allowing the injection of XWiki syntax containing script macros including Groovy macros that allow remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki instance. This attack can be executed by any user who can edit some wiki page like the user's profile (editable by default) as user interface extensions that will be displayed in the search administration can be added on any document by any user. To reproduce, edit any document with the object editor, add an object of type `XWiki.UIExtensionClass`, set "Extension Point Id" to `org.xwiki.platform.search`, set "Extension ID" to `{{async}}{{groovy}}services.logging.getLogger("attacker").error("Attack from extension id succeeded!"){{/groovy}}{{/async}}`, set "Extension Parameters" to `label={{async}}{{groovy}}services.logging.getLogger("attacker").error("Attack from label succeeded!"){{/groovy}}{{/async}}` and "Extension Scope" to "Current User". Then open the page `XWiki.SearchAdmin`, e.g., on http://localhost:8080/xwiki/bin/view/XWiki/SearchAdmin. If there are error log messages in XWiki's log that announce that attacks succeeded, the instance is vulnerable. ### Patches The necessary escaping has been added in XWiki 14.10.15, 15.5.2 and 15.7RC1. ### Workarounds The [patch](https://github.com/xwiki/xwiki-platform/commit/62863736d78ffd60d822279c5fb7fb9593042766#diff-2272c913e5ca43813e52f8fa748c9b043bf0f01561908d7eba6ca3601d8475c4) can be manually applied to the page `XWiki.SearchAdmin`. ### References * https://github.com/xwiki/xwiki-platform/commit/62863736d78ffd60d822279c5fb7fb9593042766 * https://jira.xwiki.org/browse/XWIKI-21200

Affected Packages

Maven org.xwiki.platform:xwiki-platform-search-ui
ECOSYSTEM: ≥4.5-rc-1 <14.10.15
Maven org.xwiki.platform:xwiki-platform-search-ui
ECOSYSTEM: ≥15.0-rc-1 <15.5.2
Maven org.xwiki.platform:xwiki-platform-search-ui
ECOSYSTEM: ≥15.6-rc-1 <15.7-rc-1

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

References

WEB https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7654-vfh6-rw6x
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2023-50721
WEB https://github.com/xwiki/xwiki-platform/commit/62863736d78ffd60d822279c5fb7fb9593042766
PACKAGE https://github.com/xwiki/xwiki-platform
WEB https://jira.xwiki.org/browse/XWIKI-21200

Advisory provided by GitHub Security Advisory Database. Published: December 16, 2023, Modified: December 16, 2023

References

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7654-vfh6-rw6x
https://github.com/xwiki/xwiki-platform/commit/62863736d78ffd60d822279c5fb7fb9593042766
https://jira.xwiki.org/browse/XWIKI-21200
Published: 2023-12-15T19:02:46.076Z
Last Modified: 2024-08-02T22:16:47.207Z
Copied to clipboard!