XWiki Platform / XWIKI-16661

RCE using reset password


    Details

    • Development Priority: High
    • Difficulty: Unknown
    • Documentation: N/A
    • Documentation in Release Notes: N/A

      Description

      Issue

      When resetting the password, the user document XWiki.<username> is saved as superadmin.

      By adding a macro to the user document before requesting the password reset, that macro ends up stored with superadmin as its author and is therefore executed with superadmin privileges. Thus a normal user can run, for example, a Groovy script with superadmin rights.

      Steps to reproduce

      1. Create an unprivileged user.
      2. Add an XWiki.WikiMacroClass object holding a Groovy script to that user's profile document (XWiki.<username>).
      3. Do a password reset request for this user.
      4. Use the macro in any document.

      Many variants can be used depending on how the user profile is configured.

      Other types of objects can also be used to hold the script.
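      The precondition described above (script content sitting on a user profile document whose stored content author is a privileged account) can be audited after the fact. The following Groovy script is an added example for this page; it is not part of XWIKI-16661 or of the XWiki code base. It is meant to be run from a {{groovy}} macro by an administrator. It assumes that the WikiMacroClass property holding the macro body is named "code", that "XWiki.superadmin" is the superadmin reference string on the wiki being audited, and that XWiki.XWikiPreferences is a reasonable document against which to test admin rights; adapt those to your instance.

```groovy
// Added audit script, not part of XWIKI-16661 or the XWiki code base.
// Lists user profile documents whose stored content author is privileged and
// that carry server-side script macros either in the page content or in a
// XWiki.WikiMacroClass object. Run from a {{groovy}} macro as an administrator.
// Assumptions: WikiMacroClass stores the macro body in the "code" property,
// "XWiki.superadmin" is the superadmin reference string, and
// XWiki.XWikiPreferences is the document used for the admin-rights test.

// Macros that execute server-side with the content author's rights.
def scriptMacro = ~/\{\{\s*(groovy|velocity|python|php)\b/

// XWQL: every document holding an XWiki.XWikiUsers object, i.e. a user profile.
def profiles = services.query.xwql(
  'select distinct doc.fullName from Document doc, doc.object(XWiki.XWikiUsers) as user'
).execute()

def findings = []
for (fullName in profiles) {
  def doc = xwiki.getDocument(fullName)
  def contentAuthor = doc.getContentAuthor()

  // Script macros run with the content author's rights, so only profiles whose
  // stored author is privileged are relevant to this issue.
  def privileged = contentAuthor == 'XWiki.superadmin' ||
      xwiki.hasAccessLevel('admin', contentAuthor, 'XWiki.XWikiPreferences')
  if (!privileged) continue

  def hits = []
  if (doc.getContent() =~ scriptMacro) {
    hits << 'document content'
  }
  for (macro in doc.getObjects('XWiki.WikiMacroClass')) {
    def code = macro.getValue('code')?.toString() ?: ''
    if (code =~ scriptMacro) {
      hits << "WikiMacroClass#${macro.getNumber()} (id=${macro.getValue('id')})"
    }
  }
  if (hits) {
    findings << [document: fullName, contentAuthor: contentAuthor, hits: hits]
  }
}

// Output as an XWiki table so the result renders in the page the macro sits on.
if (findings) {
  println '|=Document|=Content author|=Script location'
  findings.each { f ->
    println "|${f.document}|${f.contentAuthor}|${f.hits.join(', ')}"
  }
} else {
  println 'No user profiles with a privileged content author and script macros found.'
}
```

      A row in the resulting table is a profile whose scripts currently execute with elevated rights; removing the offending object or content, or re-saving the document as a non-privileged author, takes the privilege away. The audit only covers the two locations named on this page (document content and WikiMacroClass objects); as the report notes, other object types can hold scripts too, so extend the check if your wiki uses additional script-bearing classes on user profiles.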


People

Assignee: Simon Urli (surli)
Reporter: Jonathan Villemaire-Krajden (jonathanvk)