Critical Vulnerability Patched in Popular Wiki Software XWiki

CVE: CVE-2023-50723
CVSS v3.1: 10.0
Source: CVE-2023-50723

XWiki, an open source wiki platform used by many organizations, was found to have a critical vulnerability that lets a low-privileged user execute code with administrator rights on the wiki server.

The vulnerability affects versions prior to 14.10.15, 15.5.2, and 15.7-rc-1 (one fixed release for each maintained branch). It is caused by missing escaping when the admin interface renders wiki page sections: content that should be displayed as plain text is instead interpreted by the wiki's rendering engine. As a result, an attacker who can edit any wiki page can plant content that is executed as arbitrary code with full admin privileges on the server.

Because many XWiki installations grant edit rights to every registered user, and some even to unauthenticated guests, the attack can usually be mounted from an ordinary account. The attacker stores the malicious content in a page they are allowed to edit; it is executed with elevated privileges when an administrator views the affected admin section. The exploit therefore needs an administrator to open that part of the interface, which makes it a stored, privilege-escalating injection rather than something the attacker can trigger entirely on their own.

Thankfully, the XWiki team has released patches. Users are strongly recommended to upgrade to the fixed release for their branch: 14.10.15, 15.5.2, or 15.7-rc-1 (or any later version). Administrators should also review which groups actually hold edit rights on the wiki and check access logs for unexpected visits to the admin pages. Since the injected code runs server-side with admin rights, any confirmed exploitation should be treated as a full compromise of the wiki host, not just of the wiki's content.

It’s a reminder that escaping user-supplied content at the point where it is rendered matters in any software that lets users provide content, and that keeping applications up-to-date with the latest patches remains key to maintaining security.
