Home > Vulnerability Database > CVE-2023-29204

Mend.io Vulnerability Database

CVE-2023-29204

Good to know:

Date: April 15, 2023

XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as `//mydomain.com` (i.e. omitting the `http:`). It was also possible to bypass it when using URL such as `http:/mydomain.com`. The problem has been patched on XWiki 13.10.10, 14.4.4 and 14.8RC1.

Language: Java

Severity Score

6.1

Related Resources (6)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-29204

Url: https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xwph-x6xj-wggv

Url: https://github.com/xwiki/xwiki-platform/commit/e4f7f68e93cb08c25632c126356d218abf192d1e#diff-c445f288d5d63424f56ef13f65514ab4e174a72e979b53b88197c2b7def267cf

Url: https://jira.xwiki.org/browse/XWIKI-19994

Url: https://jira.xwiki.org/browse/XWIKI-10309

Url: https://www.mend.io/vulnerability-database/CVE-2023-29204

Severity Score

6.1

Weakness Type (CWE)

URL Redirection to Untrusted Site ('Open Redirect')

CWE-601

Top Fix

Upgrade Version

Upgrade to version org.xwiki.platform:xwiki-platform-oldcore:13.10.10,14.4.4,14.8RC1

Learn More

CVSS v3.1

Base Score:	6.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-29204

Good to know:

Date: April 15, 2023

Language: Java

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?