XWiki Platform: XWIKI-22836

Privilege escalation through link refactoring


Details

    • Unit, Integration
    • Unknown
    • N/A

    Description

      When links are modified as part of a refactoring (e.g. a page rename), the document is saved with the current user as its metadata author. This can lead to privilege escalation and to script right execution, since scripts stored in the document are then evaluated with the rights of the user who performed the refactoring rather than those of the user who wrote them.

      Reproduction steps:

      • Create 2 users Foo without script right and Bar with script right
      • Login with Foo
      • Create a page P1
      • Create a page P2 with a MovieClass xobject
      • In the "poster" field of the xobject put a link to P1 and a velocity script
      • Login with Bar and rename P1 to P3

      Expected result:

      • P2 gets a new version and its link is refactored; the history shows that Bar performed the refactoring, but the velocity script remains unexecuted

      Obtained result:

      • P2 gets a new version and its link is refactored; the history shows that Bar performed the refactoring, but the velocity script is executed
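      As an added illustration (not XWiki's code), the constructed model below separates the author recorded in the history from the author whose rights govern script execution in the xobject field, and shows why saving the refactored document with the refactoring user as the rights-bearing author turns a link rewrite into a script right escalation. User names, the field content and the right names are constructed for the model.

```python
from dataclasses import dataclass, field

# Constructed model of the author metadata involved in this issue; it is NOT XWiki's code.
# A user may run scripts only if they hold the (constructed) "script" right.
USERS = {"Foo": set(), "Bar": {"script"}}  # constructed: Foo lacks script right, Bar has it


@dataclass
class Document:
    name: str
    poster: str                      # xobject field holding a link plus a script
    original_metadata_author: str    # who performed the last save (shown in history)
    effective_metadata_author: str   # whose rights the rendered field content runs with
    history: list = field(default_factory=list)


def script_would_run(doc: Document) -> bool:
    """Scripts in the field execute only if the effective author holds script right."""
    has_script = "#set(" in doc.poster
    return has_script and "script" in USERS[doc.effective_metadata_author]


def rename_links_vulnerable(doc: Document, old: str, new: str, actor: str) -> None:
    """Defective refactoring: the refactoring user becomes the rights-bearing author."""
    doc.poster = doc.poster.replace(f"[[{old}]]", f"[[{new}]]")
    doc.original_metadata_author = actor
    doc.effective_metadata_author = actor   # the defect described in this issue
    doc.history.append(actor)


def rename_links_fixed(doc: Document, old: str, new: str, actor: str) -> None:
    """Safe refactoring: history records the actor, rights stay with the content's author."""
    doc.poster = doc.poster.replace(f"[[{old}]]", f"[[{new}]]")
    doc.original_metadata_author = actor    # history still shows who refactored
    # effective_metadata_author is deliberately left unchanged
    doc.history.append(actor)


def run_scenario(refactor) -> tuple:
    """Foo (no script right) authored P2; Bar renames P1 to P3. Returns (history actor, script ran?)."""
    p2 = Document("P2", "[[P1]] #set($x = 1)", "Foo", "Foo")  # constructed field content
    refactor(p2, "P1", "P3", "Bar")
    return p2.history[-1], p2.poster, script_would_run(p2)


if __name__ == "__main__":
    print("vulnerable:", run_scenario(rename_links_vulnerable))
    print("fixed:     ", run_scenario(rename_links_fixed))
```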

            People

              surli Simon Urli