CVE-2023-26056

Summary

XWiki Platform is a generic wiki platform. Starting in version 3.0-milestone-1, it's possible to execute a script with the right of another user, provided the target user does not have programming right. The problem has been patched in XWiki 14.8-rc-1, 14.4.5, and 13.10.10. There are no known workarounds for this issue.

Affected Software

VendorProductVersion RangeStatus
xwikixwiki-platform>= 3.0-milestone-1, < 13.10.10affected
xwikixwiki-platform>= 14.0-rc-1, < 14.4.5affected
xwikixwiki-platform>= 14.5, < 14.8-rc-1affected

Weaknesses

  • CWE-863: CWE-863: Incorrect Authorization

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References