Vulnerability Description
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can save a document with the right of the current user which allow accessing API requiring programming right if the current user has programming right. This has been patched in XWiki 13.0. Users are advised to update to resolve this issue. The only known workaround is to limit SCRIPT access.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xwiki | Xwiki | >= 1.0, < 13.0 |
Related Weaknesses (CWE)
References
- https://github.com/xwiki/xwiki-platform/commit/7ab0fe7b96809c7a3881454147598d46aPatchThird Party Advisory
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f4cj-3q3h-884rThird Party Advisory
- https://jira.xwiki.org/browse/XWIKI-5024PatchVendor Advisory
- https://github.com/xwiki/xwiki-platform/commit/7ab0fe7b96809c7a3881454147598d46aPatchThird Party Advisory
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-f4cj-3q3h-884rThird Party Advisory
- https://jira.xwiki.org/browse/XWIKI-5024PatchVendor Advisory
FAQ
What is CVE-2022-23615?
CVE-2022-23615 is a vulnerability with a CVSS score of 5.4 (MEDIUM). XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with SCRIPT right can save a document with the right of the curre...
How severe is CVE-2022-23615?
CVE-2022-23615 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-23615?
Check the references section above for vendor advisories and patch information. Affected products include: Xwiki Xwiki.