10

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-27479

GHSA ID

GHSA-qxjg-jhgw-qhrv

EPSS Score

0.8087%

CWE

CWE-74

Published

3/8/2023

Updated

3/8/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-27479

CVE-2023-27479: org.xwiki.platform:xwiki-platform-panels-ui vulnerable to Eval Injection

Impact

Any user with view rights can execute arbitrary Groovy, Python or Velocity code in XWiki leading to full access to the XWiki installation. The root cause is improper escaping of UIX parameters

A proof of concept exploit is to log in, add an XWiki.UIExtensionClass xobject to the user profile page, with an Extension Parameters content of:

order=100
label={{/html}} {{async async="true" cached="false" context="doc.reference"}}{{groovy}}println("Hello " + "from groovy!"){{/groovy}}{{/async}}
icon=icon:pencil
target=XWiki.username

Then, navigating to PanelsCode.ApplicationsPanelConfigurationSheet (i.e., <xwiki-host>/xwiki/bin/view/PanelsCode/ApplicationsPanelConfigurationSheet where <xwiki-host> is the URL of your XWiki installation) should not execute the Groovy script. If it does, you will see Hello from groovy! displayed on the screen.

Patches

The vulnerability has been patched in XWiki 13.10.11, 14.4.7 and 14.10-rc-1

Workarounds

The issue can be fixed by editing the PanelsCode.ApplicationsPanelConfigurationSheet wiki page and making the same modifications as shown in the patch for this issue.

References

https://github.com/xwiki/xwiki-platform/commit/6de5442f3c91c3634a66c7b458d5b142e1c2a2dc
https://jira.xwiki.org/browse/XWIKI-20294

For more information

If you have any questions or comments about this advisory:

Open an issue in Jira XWiki.org
Email us at Security Mailing List

(GitHub Advisory)

Miggo Vulnerability Database

→

CVE-2023-27479

CVE-2023-27479:

10

CVSS Score

3.1

-

CVSS Score

Basic Information

CVE ID

CVE-2023-27479

GHSA ID

GHSA-qxjg-jhgw-qhrv

EPSS Score

0.8087%

CWE

CWE-74

Published

3/8/2023

Updated

3/8/2023

KEV Status

Technology

Java

Basic Information

CVE ID

GHSA ID

EPSS Score

CWE

Published

Updated

KEV Status

Technology

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.xwiki.platform:xwiki-platform-panels-ui	maven	>= 6.3-milestone-2, < 13.10.11	13.10.11
org.xwiki.platform:xwiki-platform-panels-ui	maven	>= 14.0, < 14.4.7	14.4.7
org.xwiki.platform:xwiki-platform-panels-ui	maven	>= 14.5, < 14.10-rc-1	14.10-rc-1

Technical Details

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from unescaped interpolation of UIX parameters in the ApplicationsPanelConfigurationSheet.xml Velocity template. The proof of concept shows malicious code execution via the 'label' parameter, and the patch specifically adds $escapetool.xml() calls to neutralize these parameters. The affected code paths are clearly shown in the commit diff where parameters were previously rendered without escaping.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.W** rul*s *v*il**l* *or Mi**o *ustom*rs only.

10

-

Basic Information

Basic Information

Concerned about an active attack path?

CVE-2023-27479: org.xwiki.platform:xwiki-platform-panels-ui vulnerable to Eval Injection

Impact

Patches

Workarounds

References

For more information

CVE-2023-27479:

10

-

Basic Information

Basic Information

Technical Details

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability IntelligenceMiggo AI

CVE-2023-27479: org.xwiki.platform:xwiki-platform-panels-ui vulnerable to Eval Injection

Impact

Patches

Workarounds

References

For more information

Technical Details

Basic Information

Basic Information

10

10

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI

Vulnerability Intelligence
Miggo AI