CVE-2022-41931

{"id": "CVE-2022-41931", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.9, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 6.0, "exploitabilityScore": 3.1}]}, "published": "2022-11-23T20:15:10.023", "references": [{"url": "https://github.com/xwiki/xwiki-platform/commit/47eb8a5fba550f477944eb6da8ca91b87eaf1d01", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-5j7g-cf6r-g2h7", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://jira.xwiki.org/browse/XWIKI-19805", "tags": ["Exploit", "Issue Tracking", "Patch", "Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-95"}]}], "descriptions": [{"lang": "en", "value": "xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Any user with view rights on commonly accessible documents including the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki due to improper neutralization of the macro parameters of the icon picker macro. The problem has been patched in XWiki 13.10.7, 14.5 and 14.4.2. Workarounds: The [patch](https://github.com/xwiki/xwiki-platform/commit/47eb8a5fba550f477944eb6da8ca91b87eaf1d01) can be manually applied by editing `IconThemesCode.IconPickerMacro` in the object editor. The whole document can also be replaced by the current version by importing the document from the XAR archive of a fixed version as the only changes to the document have been security fixes and small formatting changes."}, {"lang": "es", "value": "xwiki-platform-icon-ui es vulnerable a una Neutralizaci\u00f3n Inadecuada de Directivas en C\u00f3digo Evaluado Din\u00e1micamente (\"Inyecci\u00f3n de Evaluaci\u00f3n\"). Cualquier usuario con derechos de visualizaci\u00f3n de documentos com\u00fanmente accesibles, incluida la macro del selector de iconos, puede ejecutar c\u00f3digo Groovy, Python o Velocity arbitrario en XWiki debido a una neutralizaci\u00f3n inadecuada de los par\u00e1metros macro de la macro del recolector de iconos. El problema se solucion\u00f3 en XWiki 13.10.7, 14.5 y 14.4.2. Workarounds: el [parche](https://github.com/xwiki/xwiki-platform/commit/47eb8a5fba550f477944eb6da8ca91b87eaf1d01) se puede aplicar manualmente editando `IconThemesCode.IconPickerMacro` en el editor de objetos. El documento completo tambi\u00e9n se puede reemplazar por la versi\u00f3n actual importando el documento desde el archivo XAR de una versi\u00f3n fija, ya que los \u00fanicos cambios en el documento han sido correcciones de seguridad y peque\u00f1os cambios de formato."}], "lastModified": "2022-11-30T17:00:37.137", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A2983665-C5BF-4D43-983A-585BA30399E7", "versionEndExcluding": "13.10.7", "versionStartExcluding": "6.4"}, {"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B5DF0A47-B3DD-4A49-BA56-35374D029F02", "versionEndExcluding": "14.4.2", "versionStartIncluding": "14.0.0"}, {"criteria": "cpe:2.3:a:xwiki:xwiki:6.4:milestone2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2ED3CF77-5A0B-4A1C-9F83-B5851D415D3E"}, {"criteria": "cpe:2.3:a:xwiki:xwiki:6.4:milestone3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "34004E8E-213E-4D7F-A6BF-953A5A5C3CA6"}, {"criteria": "cpe:2.3:a:xwiki:xwiki:14.4.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C9646DA8-7C5A-458E-975C-A67099D43047"}, {"criteria": "cpe:2.3:a:xwiki:xwiki:14.4.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CDAB9E27-2E41-44EA-BBCB-8015B22272B7"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}