critical
9
CWE
74 95 352
Advisory Published
CVE Published
Updated

CVE-2023-29213: org.xwiki.platform:xwiki-platform-logging-ui Injection vulnerability

First published: Wed Apr 12 2023(Updated: )

### Impact #### Steps to reproduce: It is possible to trick a user with programming rights into visiting <xwiki-host>/xwiki/bin/view/XWiki/LoggingAdmin?loggeraction_set=1&logger_name=%7B%7Bcache%7D%7D%7B%7Bgroovy%7D%7Dnew+File%28%22%2Ftmp%2Fexploit.txt%22%29.withWriter+%7B+out+-%3E+out.println%28%22created+from+notification+filter+preferences%21%22%29%3B+%7D%7B%7B%2Fgroovy%7D%7D%7B%7B%2Fcache%7D%7D&logger_level=TRACE where <xwiki-host> is the URL of your XWiki installation, e.g., by embedding an image with this URL in a document that is viewed by a user with programming rights. #### Expected result: No file in /tmp/exploit.txt has been created. #### Actual result: The file `/tmp/exploit.txt` is been created with content "created from notification filter preferences!". This demonstrates a CSRF remote code execution vulnerability that could also be used for privilege escalation or data leaks (if the XWiki installation can reach remote hosts). ### Patches The problem has been patched on XWiki 14.4.7, and 14.10. ### Workarounds The issue can be fixed manually applying this [patch](https://github.com/xwiki/xwiki-platform/commit/49fdfd633ddfa346c522d2fe71754dc72c9496ca). ### References - https://jira.xwiki.org/browse/XWIKI-20291 - https://github.com/xwiki/xwiki-platform/commit/49fdfd633ddfa346c522d2fe71754dc72c9496ca ### For more information If you have any questions or comments about this advisory: * Open an issue in [Jira XWiki.org](https://jira.xwiki.org/) * Email us at [Security Mailing List](mailto:security@xwiki.org)

Credit: security-advisories@github.com

Affected SoftwareAffected VersionHow to fix
maven/org.xwiki.platform:xwiki-platform-logging-ui>=14.5<14.10
14.10
maven/org.xwiki.platform:xwiki-platform-logging-ui>=14.0-rc-1<14.4.7
14.4.7
maven/org.xwiki.platform:xwiki-platform-logging-ui>=4.2-milestone-3<13.10.11
13.10.11
Xwiki>4.2<13.10.11
Xwiki>14.0<14.4.7
Xwiki>=14.5<14.10
Xwiki=4.2
Xwiki=4.2-milestone3
Xwiki=14.0
Xwiki=14.0-rc1

Remedy

https://github.com/xwiki/xwiki-platform/commit/49fdfd633ddfa346c522d2fe71754dc72c9496ca

Remedy

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-4655-wh7v-3vmg

Remedy

https://jira.xwiki.org/browse/XWIKI-20291

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2023-29213?

    CVE-2023-29213 is considered a critical vulnerability due to its potential for arbitrary file creation.

  • How do I fix CVE-2023-29213?

    To fix CVE-2023-29213, upgrade to XWiki platform version 14.10, 14.4.7, or 13.10.11 or later.

  • What versions of XWiki are affected by CVE-2023-29213?

    CVE-2023-29213 affects XWiki versions from 4.2 to 14.4.6 and 14.0-rc1 to 14.9.

  • Is CVE-2023-29213 an authentication vulnerability?

    No, CVE-2023-29213 is not an authentication vulnerability; it involves user deception to exploit their permissions.

  • What type of attack does CVE-2023-29213 enable?

    CVE-2023-29213 enables an attacker to trick a user into executing code that can create arbitrary files on the server.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203