CVE-2023-26478: TemporaryAttachmentsScriptService#uploadTemporaryAttachment returns an XWikiAttachment instance

XWiki Platform is a generic wiki platform. Starting in version 14.3-rc-1, org.xwiki.store.script.TemporaryAttachmentsScriptService#uploadTemporaryAttachment returns an instance of com.xpn.xwiki.doc.XWikiAttachment. This class is not supported to be exposed to users without the programming right. com.xpn.xwiki.api.Attachment should be used instead; it takes care of checking the user's rights before performing dangerous operations. This has been patched in versions 14.9-rc-1 and 14.4.6. There are no known workarounds for this issue.


Jira issue: XWiki Platform / XWIKI-20180

Status: Closed
Details

  • Type: Bug

  • Resolution: Fixed

  • Priority: Critical

  • Fix Version/s: 14.9-rc-1, 14.4.6

  • Affects Version/s: 14.3-rc-1

  • Component/s: Storage - File System

  • Labels:

    • attack_escalation
    • attacker_script
    • security
  • Tests: Unit

  • Difficulty: Unknown

  • Documentation: N/A

  • Documentation in Release Notes: N/A

  • Pull Request Status: Pull Request accepted

Description

TemporaryAttachmentsScriptService#uploadTemporaryAttachment is returning an XWikiAttachment instance (or anything from com.xpn.xwiki.doc).

It should either:

  1. check the rights
  2. return an Attachment instead

Issue Links

links to: GitHub Security advisory

People

Assignee: Manuel Leduc

Reporter: Manuel Leduc

Dates

Created: 03/Oct/22 14:53

Updated: Yesterday 18:06

Resolved: 10/Oct/22 15:43

Related news

GHSA-8692-g6g9-gm5p: xwiki contains Exposed Dangerous Method or Function

Impact

`org.xwiki.store.script.TemporaryAttachmentsScriptService#uploadTemporaryAttachment` returns an instance of `com.xpn.xwiki.doc.XWikiAttachment`. This class is not supported to be exposed to users without the `programming` right. `com.xpn.xwiki.api.Attachment` should be used instead; it takes care of checking the user's rights before performing dangerous operations.

Patches

This has been patched in versions 14.9-rc-1 and 14.4.6.

Workarounds

There is no workaround for this issue.

References

https://jira.xwiki.org/browse/XWIKI-20180

For more information

If you have any questions or comments about this advisory:

  • Open an issue in [JIRA](https://jira.xwiki.org/)
  • Email us at [security ML](mailto:[email protected])
