Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-20594

Upgrading doesn't prevent exploiting vulnerable XWiki documents

    XMLWordPrintable

Details

    • Unit, Integration
    • Unknown

    Description

      Steps to Reproduce:

      1. Install a version where XWIKI-19747 can be exploited (e.g., 14.3).
      2. Upgrade to a version that includes a fix for XWIKI-19747, e.g., 14.4.
      3. Follow the reproduction steps on XWIKI-19747, but add rev=1.1 as URL parameter (on older installations you should check the exact version before the upgrade).

      Expected result:

      XWIKI-19747 cannot be exploited anymore as the installation has been upgraded.

      Actual result:

      The reproduction steps still work, i.e., it is still possible to gain programming rights from view rights on the tag document.

      The same also applies to other fixes that involve changing a document where the vulnerable part can be triggered when viewing an old version of the document (fixes involving just wiki macros or that can only be exploited when the document is used as a sheet are probably safe, for example).

      Attachments

        Issue Links

          blocks

          Bug - A problem which impairs or prevents the functions of the product. XWIKI-20386 CSRF privilege escalation/RCE via the edit action

          • Blocker - Blocks development and/or testing work, production could not run.
          • Closed
          links to

          Web Link Security advisory

          Activity

            People

              MichaelHamann Michael Hamann
              MichaelHamann Michael Hamann
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: