Loading...

XML

Word

Printable

Details

Type: Bug
Resolution: Fixed
Priority: Blocker
Fix Version/s: 14.10.20, 15.5.4, 15.10-rc-1
Affects Version/s: 5.2-milestone-2
Component/s: Search - Generic
Labels:

Tests:

Unit
Difficulty:
Unknown
Documentation:
N/A
Documentation in Release Notes:
N/A
Similar issues:

Description

Steps to reproduce:

As a user without script or programming right, edit any page like your user profile with the object editor.
Add an object of type XWiki.SearchSuggestSourceClass

Set some properties of the object to the value

 }}}{{async}}{{groovy}}println("Hello from Groovy!"){{/groovy}}{{/async}}

Save and view the page.
Add ?sheet=XWiki.SearchSuggestSourceSheet to the URL.

Expected result:

The entered values are displayed as-is.

Actual result:

The value

Hello from Groovy!}}}

is displayed for all fields where a value has been set. This demonstrates a privilege escalation from a simple user account to programming right.

The vulnerable code has been introduced in ~~XWIKI-9392~~ which leads to an affects version of XWiki 5.2.

Attachments

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

image-2023-10-26-12-13-05-122.png
72 kB
26/Oct/23 12:13
image-2023-10-26-12-13-33-592.png
72 kB
26/Oct/23 12:13

Issue Links

links to

Security Advisory

Activity

People

Assignee:: Pierre Jeanjean

Reporter:: Michael Hamann

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 26/Oct/23 12:14

Updated:: 10/Apr/24 09:52

Resolved:: 16/Nov/23 16:34