GHSA-7PH6-5CMQ-XGJQ

Vulnerability from github – Published: 2022-02-09 21:53 – Updated: 2022-05-19 22:09
VLAI?
Summary
Path traversal in xwiki-platform-skin-skinx
Details

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document reference when serializing it on filesystem, so it's easy to mess up the HTML export process with reference elements containing filesystem syntax like "../", "./". or "/" in general (the last two not causing any security threat, but can cause conflicts with others serialized files). Patch can be found in 13.6-rc-1. Giving script or subwiki admin right only to trusted people and disabling HTML/PDF export can be done as workaround.

Severity ?
6.8 (Medium)
CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:H
Show details on source website
To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Maven",
        "name": "org.xwiki.platform:xwiki-platform-skin-skinx"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "6.2-rc-1"
            },
            {
              "fixed": "13.6"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2022-23620"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-116",
      "CWE-22"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2022-02-09T21:53:29Z",
    "nvd_published_at": "2022-02-09T22:15:00Z",
    "severity": "MODERATE"
  },
  "details": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document reference when serializing it on filesystem, so it\u0027s easy to mess up the HTML export process with reference elements containing filesystem syntax like \"../\", \"./\". or \"/\" in general (the last two not causing any security threat, but can cause conflicts with others serialized files). Patch can be found in 13.6-rc-1. Giving script or subwiki admin right only to trusted people and disabling HTML/PDF export can be done as workaround.\n\n",
  "id": "GHSA-7ph6-5cmq-xgjq",
  "modified": "2022-05-19T22:09:24Z",
  "published": "2022-02-09T21:53:29Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7ph6-5cmq-xgjq"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-23620"
    },
    {
      "type": "WEB",
      "url": "https://github.com/xwiki/xwiki-platform/commit/ab778254fb8f71c774e1c1239368c44fe3b6bba5"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/xwiki/xwiki-platform"
    },
    {
      "type": "WEB",
      "url": "https://jira.xwiki.org/browse/XWIKI-18819"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:C/C:L/I:L/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Path traversal in xwiki-platform-skin-skinx"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.

Sightings

Author Source Type Date Other

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.