CVE-2023-26473

Summary

XWiki Platform is a generic wiki platform. Starting in version 1.3-rc-1, any user with edit right can execute arbitrary database select and access data stored in the database. The problem has been patched in XWiki 13.10.11, 14.4.7, and 14.10. There is no workaround for this vulnerability other than upgrading.

Affected Software

VendorProductVersion RangeStatus
xwikixwiki-platform>= 1.3-rc-1, < 13.10.11affected
xwikixwiki-platform>= 14.0, < 14.4.7affected
xwikixwiki-platform>= 14.5, < 14.10affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References