What is the severity of CVE-2023-29204?

CVE-2023-29204 is considered to be a high severity vulnerability due to the potential for security measures to be bypassed.

How does CVE-2023-29204 affect XWiki software?

CVE-2023-29204 affects multiple versions of XWiki, particularly those between versions 6.0 and 14.4.4, enabling open redirect vulnerabilities.

What impact could CVE-2023-29204 have on my application?

CVE-2023-29204 could be exploited to redirect users to malicious sites, potentially leading to phishing attacks or malware distribution.

How do I fix CVE-2023-29204?

To mitigate CVE-2023-29204, upgrade to the latest version of XWiki that has addressed this vulnerability.

Is my version of XWiki affected by CVE-2023-29204?

If you are using XWiki versions 6.0-rc1, 14.4.0 to 14.4.4, or between 14.5 and 14.7, your version is affected by CVE-2023-29204.

Vulnerability/
CVE-2023-29204

medium

6.1

CWE

601

15/4/2023

6/2/2025

CVE-2023-29204: URL Redirection to Untrusted Site ('Open Redirect') in org.xwiki.platform:xwiki-platform-oldcore

First published: Sat Apr 15 2023(Updated: )

XWiki Commons are technical libraries common to several other top level XWiki projects. It is possible to bypass the existing security measures put in place to avoid open redirect by using a redirect such as `//mydomain.com` (i.e. omitting the `http:`). It was also possible to bypass it when using URL such as `http:/mydomain.com`. The problem has been patched on XWiki 13.10.10, 14.4.4 and 14.8RC1.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Xwiki	>=6.0<13.10.10
Xwiki	>=14.4.0<14.4.4
Xwiki	>=14.5<=14.7
Xwiki	=6.0-rc1

Remedy

https://github.com/xwiki/xwiki-platform/commit/e4f7f68e93cb08c25632c126356d218abf192d1e#diff-c445f288d5d63424f56ef13f65514ab4e174a72e979b53b88197c2b7def267cf

Remedy

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xwph-x6xj-wggv

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2023-29204?
CVE-2023-29204 is considered to be a high severity vulnerability due to the potential for security measures to be bypassed.
How does CVE-2023-29204 affect XWiki software?
CVE-2023-29204 affects multiple versions of XWiki, particularly those between versions 6.0 and 14.4.4, enabling open redirect vulnerabilities.
What impact could CVE-2023-29204 have on my application?
CVE-2023-29204 could be exploited to redirect users to malicious sites, potentially leading to phishing attacks or malware distribution.
How do I fix CVE-2023-29204?
To mitigate CVE-2023-29204, upgrade to the latest version of XWiki that has addressed this vulnerability.
Is my version of XWiki affected by CVE-2023-29204?
If you are using XWiki versions 6.0-rc1, 14.4.0 to 14.4.4, or between 14.5 and 14.7, your version is affected by CVE-2023-29204.

agent/references
agent/type
agent/remedy
collector/nvd-index
agent/software-canonical-lookup-request
agent/description
agent/author
agent/weakness
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/title
agent/severity
agent/last-modified-date
agent/source
agent/tags
agent/first-publish-date
agent/event
vendor/xwiki
canonical/xwiki
version/xwiki/6.0
version/xwiki/14.4.0
version/xwiki/14.5
version/xwiki/14.7
version/xwiki/6.0-rc1

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.