CVE-2022-23618: Open Redirect in xwiki-platform
First published: Wed Feb 09 2022(Updated: )
### Impact There's no protection against URL redirection to untrusted site, in particular some well known parameters (xredirect) can be used to perform such redirections. ### Patches The problem has been patched in XWiki 12.10.7 and XWiki 13.3RC1. ### Workarounds There's no known workaround for this issue. ### References https://jira.xwiki.org/browse/XWIKI-10309 ### For more information If you have any questions or comments about this advisory: * Open an issue in [JIRA](https://jira.xwiki.org) * Email us at [Security ML](mailto:security@xwiki.org)
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Xwiki Xwiki | <=12.10.6 | |
| Xwiki Xwiki | >=13.0<=13.3 | |
| maven/org.xwiki.platform:xwiki-platform-oldcore | >=13.0.0<=13.2 | 13.3RC1 |
| maven/org.xwiki.platform:xwiki-platform-oldcore | <12.10.7 | 12.10.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/xwiki/xwiki-platform/commit/5251c02080466bf9fb55288f04a37671108f8096
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-jp55-vvmf-63mv
- https://jira.xwiki.org/browse/XWIKI-10309
- https://nvd.nist.gov/vuln/detail/CVE-2022-23618
- https://github.com/advisories/GHSA-jp55-vvmf-63mv (Advisory)
- collector/nvd-index
- collector/github-advisory
- alias/GHSA-jp55-vvmf-63mv
- alias/CVE-2022-23618
- collector/nvd-cve
- agent/author
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/severity
- agent/references
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/tags
- agent/event
- vendor/xwiki
- canonical/xwiki xwiki
- version/xwiki xwiki/12.10.6
- version/xwiki xwiki/13.0
- version/xwiki xwiki/13.3
- package-manager/maven