Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-gg53-wf5x-r3r6

GitHub Security Advisory

XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference

✓ GitHub Reviewed HIGH Has CVE
View on GitHub

Advisory Details

### Impact

A bug in the security cache is storing rules associated to document Page1.Page2 and space Page1.Page2 in the same cache entry.

That means that it's possible to overwrite the rights of a space or a document by creating the page of the space with the same name and checking the right of the new one first so that they end up in the security cache and are used for the other too.

### Patches

The problem has been patched in XWiki 12.10.11, 13.10.1, 13.4.6.

### Workarounds

No workaround other than patching.

### References

https://jira.xwiki.org/browse/XWIKI-14075
https://jira.xwiki.org/browse/XWIKI-18983

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [Jira XWiki.org](https://jira.xwiki.org)
* Email us at [Security Mailing List](mailto:[email protected])

Affected Packages

Maven org.xwiki.platform:xwiki-platform-security
Affected versions: 5.0 (fixed in 12.10.11)
Maven org.xwiki.platform:xwiki-platform-security
Affected versions: 13.0 (fixed in 13.4.6)
Maven org.xwiki.platform:xwiki-platform-security
Affected versions: 13.10 (fixed in 13.10.1)

Related CVEs

CVE-2022-31167

Key Information

GHSA ID
GHSA-gg53-wf5x-r3r6
Published
September 20, 2022 9:18 PM
Last Modified
September 20, 2022 9:18 PM
CVSS Score
7.5 /10
Primary Ecosystem
Maven
Primary Package
org.xwiki.platform:xwiki-platform-security
GitHub Reviewed
✓ Yes

Dataset

Last updated: September 23, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.