Home > Vulnerability Database > CVE-2023-29507

Mend.io Vulnerability Database

CVE-2023-29507

Good to know:

Date: April 16, 2023

XWiki Commons are technical libraries common to several other top level XWiki projects. The Document script API returns directly a DocumentAuthors allowing to set any authors to the document, which in consequence can allow subsequent executions of scripts since this author is used for checking rights. The problem has been patched in XWiki 14.10 and 14.4.7 by returning a safe script API.

Language: Java

Severity Score

7.2

Related Resources (5)

Url: https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-pwfv-3cvg-9m4c

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-29507

Url: https://github.com/xwiki/xwiki-platform/commit/905cdd7c421dbf8c565557cdc773ab1aa9028f83

Url: https://jira.xwiki.org/browse/XWIKI-20380

Url: https://www.mend.io/vulnerability-database/CVE-2023-29507

Severity Score

7.2

Weakness Type (CWE)

Incorrect Use of Privileged APIs

CWE-648

Top Fix

Upgrade Version

Upgrade to version org.xwiki.platform:xwiki-platform-oldcore:14.4.7,14.10

Learn More

CVSS v3.1

Base Score:	7.2
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	HIGH
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2023-29507

Good to know:

Date: April 16, 2023

Language: Java

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?