CVE-2024-55663: XWiki Platform has an SQL injection in getdocuments.vm with sort parameter
First published: Thu Dec 12 2024(Updated: )
### Impact In `getdocument.vm` ; the ordering of the returned documents is defined from an unsanitized request parameter (request.sort) and can allow any user to inject HQL. Depending on the used database backend, the attacker may be able to not only obtain confidential information such as password hashes from the database, but also execute UPDATE/INSERT/DELETE queries. It's possible to employ database backend dependent techniques of breaking out of HQL query context, described, for example, here: https://www.sonarsource.com/blog/exploiting-hibernate-injections. ### Patches This has been patched in 13.10.5 and 14.3-rc-1. ### Workarounds There is no known workaround, other than upgrading XWiki. ### References https://jira.xwiki.org/browse/XWIKI-17568 ### For more information If you have any questions or comments about this advisory: * Open an issue in [Jira XWiki.org](https://jira.xwiki.org/) * Email us at [Security Mailing List](mailto:security@xwiki.org)
Credit: security-advisories@github.com security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| maven/org.xwiki.platform:xwiki-platform-distribution-war | >=6.3-milestone-2<13.10.5 | 13.10.5 |
| maven/org.xwiki.platform:xwiki-platform-distribution-war | >=14.0-rc-1<14.3-rc-1 | 14.3-rc-1 |
| Xwiki | >=6.4<13.10.5 | |
| Xwiki | >=14.0<14.3 | |
| Xwiki | =6.3 | |
| Xwiki | =6.3-milestone2 | |
| Xwiki | =6.3-rc1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-wh34-m772-5398
- https://github.com/xwiki/xwiki-platform/commit/673076e2e8b88a36cdeaf7007843aa9ca1a068a0
- https://jira.xwiki.org/browse/XWIKI-17568
- https://nvd.nist.gov/vuln/detail/CVE-2024-55663
- https://github.com/advisories/GHSA-wh34-m772-5398 (Advisory)
Frequently Asked Questions
What is the severity of CVE-2024-55663?
CVE-2024-55663 has a high severity due to potential unauthorized access to confidential information through HQL injection.
How do I fix CVE-2024-55663?
To fix CVE-2024-55663, upgrade to XWiki version 13.10.5 or 14.3-rc-1, or later.
Which software is affected by CVE-2024-55663?
CVE-2024-55663 affects XWiki versions from 6.3-milestone-2 to 13.10.5 and from 14.0-rc-1 to 14.3.
What are the potential impacts of CVE-2024-55663?
The potential impacts of CVE-2024-55663 include unauthorized information disclosure and system compromise due to HQL injection.
Are all versions of XWiki vulnerable to CVE-2024-55663?
Not all versions of XWiki are vulnerable; specifically, versions from 14.3 and 13.10.5 and later are not affected.
- agent/weakness
- agent/title
- agent/first-publish-date
- agent/type
- agent/event
- agent/references
- agent/author
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-wh34-m772-5398
- alias/CVE-2024-55663
- agent/software-canonical-lookup
- collector/mitre-cve
- source/MITRE
- collector/nvd-cve
- source/NVD
- agent/description
- agent/trending
- collector/github-advisory
- agent/severity
- agent/remedy
- agent/last-modified-date
- agent/softwarecombine
- agent/source
- agent/tags
- collector/nvd-api
- agent/software-canonical-lookup-request
- package-manager/maven
- vendor/xwiki
- canonical/xwiki
- version/xwiki/6.4
- version/xwiki/14.0
- version/xwiki/6.3
- version/xwiki/6.3-milestone2
- version/xwiki/6.3-rc1