Details
- Bug
- Resolution: Fixed
- Blocker
- 2.0
Description
Steps to Reproduce:
- Install a version where XWIKI-19747 can be exploited (e.g., 14.3).
- Upgrade to a version that includes a fix for XWIKI-19747, e.g., 14.4.
- Follow the reproduction steps on XWIKI-19747, but add rev=1.1 as URL parameter (on older installations you should check the exact version before the upgrade).
Expected result:
XWIKI-19747 cannot be exploited anymore as the installation has been upgraded.
Actual result:
The reproduction steps still work, i.e., it is still possible to gain programming rights from view rights on the tag document.
The same also applies to other fixes that involve changing a document where the vulnerable part can be triggered when viewing an old version of the document (fixes involving just wiki macros or that can only be exploited when the document is used as a sheet are probably safe, for example).
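One way to see whether old revisions are being requested on an upgraded wiki, as an added example that is not part of the original issue or of XWiki's code: a Python scan of web access logs for requests carrying the `rev` parameter. The combined log format, the sample lines and the page paths in them are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample lines in Apache/Nginx "combined" format (an assumption;
# adapt REQUEST_RE to your server). Paths, users and addresses are made up.
SAMPLE_LOG = """\
198.51.100.7 - - [02/Feb/2023:10:00:01 +0000] "GET /xwiki/bin/view/Some/Page HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [02/Feb/2023:10:00:09 +0000] "GET /xwiki/bin/view/Some/Page?rev=1.1 HTTP/1.1" 200 5311 "-" "Mozilla/5.0"
203.0.113.20 - alice [02/Feb/2023:10:02:40 +0000] "GET /xwiki/bin/view/Other/Doc?viewer=history&r%65v=2%2E3 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.20 - alice [02/Feb/2023:10:03:00 +0000] "GET /xwiki/bin/view/Other/Doc?prev=1.1 HTTP/1.1" 200 4096 "-" "Mozilla/5.0"
203.0.113.21 - - [02/Feb/2023:10:04:00 +0000] "GET /xwiki/bin/view/Some/Page?rev=1.1 HTTP/1.1" 403 312 "-" "curl/8.0"
"""

REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) ')


def find_revision_views(log_text, served_only=True):
    """Return (ip, user, timestamp, path, rev, status) per request with a `rev` parameter."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line in the assumed format
        url = urlsplit(m["target"])
        # parse_qs percent-decodes names and values, so "r%65v=2%2E3" is
        # reported as rev=2.3 while "prev=1.1" is ignored; a plain substring
        # search for "rev=" gets both of those cases wrong.
        revs = parse_qs(url.query, keep_blank_values=True).get("rev")
        if not revs:
            continue
        status = int(m["status"])
        if served_only and not 200 <= status < 300:
            continue  # the old revision was not actually rendered
        hits.append((m["ip"], m["user"], m["ts"], url.path, ",".join(revs), status))
    return hits


if __name__ == "__main__":
    for hit in find_revision_views(SAMPLE_LOG):
        print(*hit, sep="\t")
```

Hits on documents that were changed by a security fix are the ones worth reviewing first, since those are the revisions this issue describes as still exploitable.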
Issue Links
- blocks: XWIKI-20386 CSRF privilege escalation/RCE via the edit action (Closed)