4.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-29520

GHSA ID

GHSA-9jq5-xwqw-q8j3

EPSS Score

0.37684%

CWE

CWE-248

Published

4/20/2023

Updated

11/4/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2023-29520

CVE-2023-29520: XWiki Platform vulnerable to page render failure due to broken translations

Impact

It's possible to break many translations coming from wiki pages by creating a corrupted document containing a translation object.

Patches

The vulnerability has been patched in XWiki 15.0-rc-1, 14.10.1, 14.4.8, and 13.10.11.

Workarounds

There is no other workaround other than fixing any way to create a document that fail to load.

References

https://jira.xwiki.org/browse/XWIKI-20460

For more information

If you have any questions or comments about this advisory:

Open an issue in Jira XWiki.org
Email us at Security Mailing List

(GitHub Advisory)

4.3

CVSS Score

3.1

Basic Information

CVE ID

CVE-2023-29520

GHSA ID

GHSA-9jq5-xwqw-q8j3

EPSS Score

0.37684%

CWE

CWE-248

Published

4/20/2023

Updated

11/4/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.xwiki.platform:xwiki-platform-localization-source-wiki	maven	>= 4.3-milestone-2, < 13.10.11	13.10.11
org.xwiki.platform:xwiki-platform-localization-source-wiki	maven	>= 14.0-rc-1, < 14.4.8	14.4.8
org.xwiki.platform:xwiki-platform-localization-source-wiki	maven	>= 14.5, < 14.10.1	14.10.1

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability stems from improper exception handling when loading corrupted translation documents. The stack trace shows failures in DocumentTranslationBundleFactory's initialization and translation loading processes. The CWEs (248/755) indicate uncaught exceptions and improper error handling patterns. These methods are central to the translation system's document processing but don't gracefully handle invalid data, allowing a single corrupted document to disrupt the entire translation subsystem.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

### Imp**t It's possi*l* to *r**k m*ny tr*nsl*tions *omin* *rom wiki p***s *y *r**tin* * *orrupt** *o*um*nt *ont*inin* * tr*nsl*tion o*j**t. ### P*t***s T** vuln*r**ility **s ***n p*t**** in XWiki **.*-r*-*, **.**.*, **.*.*, *n* **.**.**. ### Wor

Reasoning

T** vuln*r**ility st*ms *rom improp*r *x**ption **n*lin* w**n lo**in* *orrupt** tr*nsl*tion *o*um*nts. T** st**k tr*** s*ows **ilur*s in *o*um*ntTr*nsl*tion*un*l****tory's initi*liz*tion *n* tr*nsl*tion lo**in* pro**ss*s. T** *W*s (***/***) in*i**t*

4.3

Basic Information

Concerned about an active attack path?

CVE-2023-29520: XWiki Platform vulnerable to page render failure due to broken translations

Impact

Patches

Workarounds

References

For more information

4.3

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI