CVE-2023-26056

xwiki contains Incorrect Authorization in maven/org.xwiki.platform/xwiki-platform-rendering-macro-context

Identifiers

GHSA-859x-p6jp-rc2w, CVE-2023-26056

Package Slug

maven/org.xwiki.platform/xwiki-platform-rendering-macro-context

Vulnerability

xwiki contains Incorrect Authorization

Description

XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known workarounds for this issue.

Affected Versions

All versions starting from 3.0-milestone-1 before 13.10.10, all versions starting from 14.0-rc-1 before 14.4.5, all versions starting from 14.5 before 14.8-rc-1

Solution

Upgrade to versions 13.10.10, 14.4.5, 14.8-rc-1 or above. Note: 14.8-rc-1 may be an unstable version. Use caution.

Last Modified

2023-03-06

source