Vulnerability Description
XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-2 and prior to versions 14.10.4 and 15.0-rc-1, it's possible for a user to execute anything with the right of the author of the XWiki.ClassSheet document. This has been patched in XWiki 15.0-rc-1 and 14.10.4. There are no known workarounds.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Xwiki | Xwiki | >= 3.4, < 14.10.4 |
Related Weaknesses (CWE)
References
- https://github.com/xwiki/xwiki-platform/commit/de72760d4a3e1e9be64a10660a0c19e95Patch
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-36fm-j33w-c25fVendor Advisory
- https://jira.xwiki.org/browse/XWIKI-20566Vendor Advisory
- https://github.com/xwiki/xwiki-platform/commit/de72760d4a3e1e9be64a10660a0c19e95Patch
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-36fm-j33w-c25fVendor Advisory
- https://jira.xwiki.org/browse/XWIKI-20566Vendor Advisory
FAQ
What is CVE-2023-32069?
CVE-2023-32069 is a vulnerability with a CVSS score of 9.9 (CRITICAL). XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-2 and prior to versions 14.10.4 and 15.0-rc-1, it's possible for a user to execute anything with the right of the author of...
How severe is CVE-2023-32069?
CVE-2023-32069 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2023-32069?
Check the references section above for vendor advisories and patch information. Affected products include: Xwiki Xwiki.