Vulnerability Description
XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulnerability other than upgrading.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xwiki | Xwiki | >= 1.3, < 13.10.11 |
Related Weaknesses (CWE)
References
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vpx4-7rfp-h545ExploitVendor Advisory
- https://jira.xwiki.org/browse/XWIKI-19523ExploitIssue TrackingPatch
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vpx4-7rfp-h545ExploitVendor Advisory
- https://jira.xwiki.org/browse/XWIKI-19523ExploitIssue TrackingPatch
FAQ
What is CVE-2023-26473?
CVE-2023-26473 is a vulnerability with a CVSS score of 6.5 (MEDIUM). XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been pat...
How severe is CVE-2023-26473?
CVE-2023-26473 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-26473?
Check the references section above for vendor advisories and patch information. Affected products include: Xwiki Xwiki.