CVE-2023-29204

Summary

XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as //mydomain.com (i.e. omitting the http:). It was also possible to bypass it when using URL such as http:/mydomain.com. The problem has been patched on XWiki 13.10.10, 14.4.4 and 14.8RC1.

Affected Software

VendorProductVersion RangeStatus
xwikixwiki-platform>= 6.0-rc-1, < 13.10.10affected
xwikixwiki-platform>= 14.0-rc-1, < 14.4.4affected
xwikixwiki-platform>= 14.5, < 14.8-rc-1affected

Weaknesses

  • CWE-601: CWE-601: URL Redirection to Untrusted Site ('Open Redirect')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References