CVE-2022-36100

{"id": "CVE-2022-36100", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}]}, "published": "2022-09-08T21:15:08.237", "references": [{"url": "https://github.com/xwiki/xwiki-platform/commit/604868033ebd191cf2d1e94db336f0c4d9096427", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2g5c-228j-p52x", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://jira.xwiki.org/browse/XWIKI-19747", "tags": ["Exploit", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-116"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-94"}, {"lang": "en", "value": "CWE-95"}]}], "descriptions": [{"lang": "en", "value": "XWiki Platform Applications Tag and XWiki Platform Tag UI are tag applications for XWiki, a generic wiki platform. Starting with version 1.7 in XWiki Platform Applications Tag and prior to 13.10.6 and 14.4 in XWiki Platform Tag UI, the tags document `Main.Tags` in XWiki didn't sanitize user inputs properly. This allowed users with view rights on the document (default in a public wiki or for authenticated users on private wikis) to execute arbitrary Groovy, Python and Velocity code with programming rights. This also allowed bypassing all rights checks and thus both modification and disclosure of all content stored in the XWiki installation. The vulnerability could be used to impact the availability of the wiki. On XWiki versions before 13.10.4 and 14.2, this can be combined with CVE-2022-36092, meaning that no rights are required to perform the attack. The vulnerability has been patched in versions 13.10.6 and 14.4. As a workaround, the patch that fixes the issue can be manually applied to the document `Main.Tags` or the updated version of that document can be imported from version 14.4 of xwiki-platform-tag-ui using the import feature in the administration UI on XWiki 10.9 and later."}, {"lang": "es", "value": "XWiki Platform Applications Tag y XWiki Platform Tag UI son aplicaciones de etiquetas para XWiki, una plataforma wiki gen\u00e9rica. A partir de la versi\u00f3n 1.7 en XWiki Platform Applications Tag y anteriores a 13.10.6 y 14.4 en XWiki Platform Tag UI, el documento de etiquetas \"Main.Tags\" en XWiki no saneaba apropiadamente las entradas del usuario. Esto permiti\u00f3 a usuarios con derechos de visualizaci\u00f3n en el documento (predeterminado en un wiki p\u00fablico o para usuarios autenticados en wikis privados) ejecutar c\u00f3digo Groovy, Python y Velocity arbitrario con derechos de programaci\u00f3n. Esto tambi\u00e9n permiti\u00f3 omitir todas las verificaciones de derechos y, por lo tanto, la modificaci\u00f3n y divulgaci\u00f3n de todo el contenido almacenado en la instalaci\u00f3n de XWiki. La vulnerabilidad podr\u00eda usarse para afectar la disponibilidad de la wiki. En XWiki versiones anteriores a 13.10.4 y la 14.2, esto puede combinarse con CVE-2022-36092, lo que significa que no son requeridos derechos para realizar el ataque. La vulnerabilidad ha sido parcheada en versiones 13.10.6 y 14.4. Como mitigaci\u00f3n, el parche que corrige el problema puede aplicarse manualmente al documento \"Main.Tags\" o la versi\u00f3n actualizada de ese documento puede importarse desde la versi\u00f3n 14.4 de xwiki-platform-tag-ui usando la funcionalidad import en la Interfaz de Usuario de administraci\u00f3n en XWiki versi\u00f3n 10.9 y posterior"}], "lastModified": "2023-06-27T20:52:21.010", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "72FCA84E-03EF-48EE-8718-6CB4801E5222", "versionEndExcluding": "13.10.6", "versionStartIncluding": "1.7"}, {"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "78E9227E-5BAE-44FD-B327-13434E0AF974", "versionEndExcluding": "14.4", "versionStartIncluding": "14.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}