Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

GHSA-q6jp-gcww-8v2j

GitHub Security Advisory

Missing Authorization in Filter Stream Converter Application of XWiki-platform

✓ GitHub Reviewed CRITICAL Has CVE
View on GitHub

Advisory Details

### Impact

The application allow anyone with view access to modify any page of the wiki by importing a crafted XAR package.

### Patches

The problem has been patched in XWiki 14.6RC1, 14.6 and 13.10.8.

### Workarounds

The problem can be patched immediately by setting the right of the page Filter.WebHome and making sure only main wiki administrators can VIEW it the application is installed on main wiki or edit the page and apply the changed described on https://github.com/xwiki/xwiki-platform/commit/fb49b4f289ee28e45cfada8e97e320cd3ed27113.

### References

* https://github.com/xwiki/xwiki-platform/commit/fb49b4f289ee28e45cfada8e97e320cd3ed27113
* https://jira.xwiki.org/browse/XWIKI-19758

### For more information
If you have any questions or comments about this advisory:
* Open an issue in [JIRA](https://jira.xwiki.org)
* Email us at [security ML](mailto:[email protected])

Affected Packages

Maven org.xwiki.platform:xwiki-platform-filter-ui
Affected versions: 0 (fixed in 13.10.8)
Maven org.xwiki.platform:xwiki-platform-filter-ui
Affected versions: 14.0.0 (fixed in 14.4.3)
Maven org.xwiki.platform:xwiki-platform-filter-ui
Affected versions: 14.5.0 (fixed in 14.6-rc-1)

Related CVEs

CVE-2022-41937

Key Information

GHSA ID
GHSA-q6jp-gcww-8v2j
Published
November 21, 2022 11:46 PM
Last Modified
November 28, 2022 3:50 PM
CVSS Score
9.0 /10
Primary Ecosystem
Maven
Primary Package
org.xwiki.platform:xwiki-platform-filter-ui
GitHub Reviewed
✓ Yes

Dataset

Last updated: September 23, 2025 6:31 AM

Data from GitHub Advisory Database. This information is provided for research and educational purposes.