CVE-2023-37912 - Vulnerability Details

Vendors	Products
Xwiki	Xwiki-rendering

Link	Providers
https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e
https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5
https://jira.xwiki.org/browse/XRENDERING-688

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2023-37912", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2023-07-10T17:51:29.611Z", "datePublished": "2023-10-25T17:33:54.756Z", "dateUpdated": "2024-09-12T20:47:45.452Z"}, "containers": {"cna": {"title": "XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro", "problemTypes": [{"descriptions": [{"cweId": "CWE-270", "lang": "en", "description": "CWE-270: Privilege Context Switching Error", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5"}, {"name": "https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e", "tags": ["x_refsource_MISC"], "url": "https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e"}, {"name": "https://jira.xwiki.org/browse/XRENDERING-688", "tags": ["x_refsource_MISC"], "url": "https://jira.xwiki.org/browse/XRENDERING-688"}], "affected": [{"vendor": "xwiki", "product": "xwiki-rendering", "versions": [{"version": "< 14.10.6", "status": "affected"}, {"version": ">= 15.0-rc-1, < 15.1-rc-1", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-25T17:33:54.756Z"}, "descriptions": [{"lang": "en", "value": "XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` and `org.xwiki.platform:xwiki-rendering-macro-footnotes` and prior to version 15.1-rc-1 of `org.xwiki.platform:xwiki-rendering-macro-footnotes`, the footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.6 and 15.1-rc-1. There is no workaround apart from upgrading to a fixed version of the footnote macro."}], "source": {"advisory": "GHSA-35j5-m29r-xfq5", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:23:27.739Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5"}, {"name": "https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e"}, {"name": "https://jira.xwiki.org/browse/XRENDERING-688", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.xwiki.org/browse/XRENDERING-688"}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-09-10T18:34:21.859558Z", "id": "CVE-2023-37912", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T20:47:45.452Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5", "name": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e", "name": "https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://jira.xwiki.org/browse/XRENDERING-688", "name": "https://jira.xwiki.org/browse/XRENDERING-688", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T17:23:27.739Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2023-37912", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-09-10T18:34:21.859558Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-09-12T20:47:41.371Z"}}], "cna": {"title": "XWiki Rendering's footnote macro vulnerable to privilege escalation via the footnote macro", "source": {"advisory": "GHSA-35j5-m29r-xfq5", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 10, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "xwiki", "product": "xwiki-rendering", "versions": [{"status": "affected", "version": "< 14.10.6"}, {"status": "affected", "version": ">= 15.0-rc-1, < 15.1-rc-1"}]}], "references": [{"url": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5", "name": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e", "name": "https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e", "tags": ["x_refsource_MISC"]}, {"url": "https://jira.xwiki.org/browse/XRENDERING-688", "name": "https://jira.xwiki.org/browse/XRENDERING-688", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` and `org.xwiki.platform:xwiki-rendering-macro-footnotes` and prior to version 15.1-rc-1 of `org.xwiki.platform:xwiki-rendering-macro-footnotes`, the footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.6 and 15.1-rc-1. There is no workaround apart from upgrading to a fixed version of the footnote macro."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-270", "description": "CWE-270: Privilege Context Switching Error"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2023-10-25T17:33:54.756Z"}}}, "cveMetadata": {"cveId": "CVE-2023-37912", "state": "PUBLISHED", "dateUpdated": "2024-09-12T20:47:45.452Z", "dateReserved": "2023-07-10T17:51:29.611Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2023-10-25T17:33:54.756Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xwiki:xwiki-rendering:*:*:*:*:*:*:*:*", "matchCriteriaId": "E4B6A2C8-AE24-40DE-85A2-1817E80B2AB3", "versionEndExcluding": "14.10.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki-rendering:15.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "EC768826-FE19-4153-B72C-A310E77E45DA", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "XWiki Rendering is a generic Rendering system that converts textual input in a given syntax into another syntax. Prior to version 14.10.6 of `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` and `org.xwiki.platform:xwiki-rendering-macro-footnotes` and prior to version 15.1-rc-1 of `org.xwiki.platform:xwiki-rendering-macro-footnotes`, the footnote macro executed its content in a potentially different context than the one in which it was defined. In particular in combination with the include macro, this allows privilege escalation from a simple user account in XWiki to programming rights and thus remote code execution, impacting the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.6 and 15.1-rc-1. There is no workaround apart from upgrading to a fixed version of the footnote macro."}, {"lang": "es", "value": "XWiki Rendering es un sistema de renderizado gen\u00e9rico que convierte la entrada de texto en una sintaxis determinada en otra sintaxis. Antes de la versi\u00f3n 14.10.6 de `org.xwiki.platform:xwiki-core-rendering-macro-footnotes` y `org.xwiki.platform:xwiki-rendering-macro-footnotes` y antes de la versi\u00f3n 15.1-rc-1 de `org.xwiki.platform:xwiki-rendering-macro-footnotes`, la macro de nota al pie ejecut\u00f3 su contenido en un contexto potencialmente diferente a aquel en el que se defini\u00f3. En particular, en combinaci\u00f3n con la macro de inclusi\u00f3n, esto permite escalar privilegios desde una simple cuenta de usuario en XWiki hasta derechos de programaci\u00f3n y, por lo tanto, ejecuci\u00f3n remota de c\u00f3digo, lo que afecta la confidencialidad, integridad y disponibilidad de toda la instalaci\u00f3n de XWiki. Esta vulnerabilidad ha sido parcheada en XWiki 14.10.6 y 15.1-rc-1. No existe otro workaround aparte de actualizar a una versi\u00f3n fija de la macro de notas al pie."}], "id": "CVE-2023-37912", "lastModified": "2024-11-21T08:12:27.327", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.9, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 6.0, "source": "[email protected]", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "[email protected]", "type": "Primary"}]}, "published": "2023-10-25T18:17:28.613", "references": [{"source": "[email protected]", "tags": ["Patch"], "url": "https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e"}, {"source": "[email protected]", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5"}, {"source": "[email protected]", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://jira.xwiki.org/browse/XRENDERING-688"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/xwiki/xwiki-rendering/commit/5f558b8fac8b716d19999225f38cb8ed0814116e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Vendor Advisory"], "url": "https://github.com/xwiki/xwiki-rendering/security/advisories/GHSA-35j5-m29r-xfq5"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "url": "https://jira.xwiki.org/browse/XRENDERING-688"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-270"}], "source": "[email protected]", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "[email protected]", "type": "Primary"}]}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object