CVE-2022-36095: [XWIKI-19550] Tags can be added and removed without CSRF token validation

XWiki Platform is a generic wiki platform. Prior to versions 13.10.5 and 14.3, it is possible to perform a Cross-Site Request Forgery (CSRF) attack for adding or removing tags on XWiki pages. The problem has been patched in XWiki 13.10.5 and 14.3. As a workaround, one may locally modify the documentTags.vm template in one’s filesystem, to apply the changes exposed there.


Steps to reproduce:

  • Go to <server>/xwiki/bin/view/Main/?xpage=documentTags&xaction=add&ajax=true&tag=foo
  • Go to <server>/xwiki/bin/view/Main/?xpage=documentTags&xaction=delete&ajax=true&tag=foo

Expected results:

  • A CSRF token validation failure error is displayed (or some other more generic error).

Actual results:

  • The tag is added to/deleted from the page.

Note that for adding tags, the CSRF token is actually included in the form but it is not validated on the server.

I have reproduced this issue on 2.6 (and a recent development version) but I think even older versions should be vulnerable.
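The report above describes the characteristic shape of this class of bug: the CSRF token travels with the request, but the server acts on `xaction` without ever comparing it to the session's token, so a forged cross-site request (with no token at all) succeeds. The following is an added, constructed model of that defect and its fix; it is not XWiki's code, and the handler, parameter and session names are assumptions chosen to mirror the report's `xaction`/`tag` parameters.

```python
"""Constructed model of a tag endpoint that receives a CSRF form token but never
validates it, beside a version that enforces the check. Added illustration only,
not XWiki code; names (Session, Page, form_token, handle_tag_action_*) are assumed."""
import hmac
import secrets


class Session:
    """Server-side session state: holds the per-session CSRF token the server
    issues and later expects back on state-changing requests."""

    def __init__(self):
        self.csrf_token = secrets.token_urlsafe(32)


class Page:
    """Minimal stand-in for a wiki page that carries a set of tags."""

    def __init__(self):
        self.tags = set()


def apply_tag_action(page, params):
    """Performs the add/delete action. Deliberately has no authorization
    logic of its own; callers decide whether the request may proceed."""
    action, tag = params.get("xaction"), params.get("tag")
    if action == "add" and tag:
        page.tags.add(tag)
    elif action == "delete" and tag:
        page.tags.discard(tag)
    return 200


def handle_tag_action_unchecked(session, page, params):
    """Vulnerable shape (as in the report): a form_token may be present in the
    request, but it is ignored, so a request forged from another origin, which
    cannot know the token, changes the page exactly like a legitimate one."""
    return apply_tag_action(page, params)


def handle_tag_action_checked(session, page, params):
    """Fixed shape: refuse with 403 unless the supplied form_token matches the
    session token. compare_digest keeps the comparison constant-time so the
    token cannot be guessed byte by byte through timing differences."""
    supplied = params.get("form_token", "")
    if not hmac.compare_digest(supplied, session.csrf_token):
        return 403
    return apply_tag_action(page, params)


if __name__ == "__main__":
    # Constructed sample requests: a forged one without a token, and a genuine
    # one that carries the session's token.
    session, page = Session(), Page()
    forged = {"xaction": "add", "tag": "foo"}
    genuine = {"xaction": "add", "tag": "foo", "form_token": session.csrf_token}
    print("unchecked, forged :", handle_tag_action_unchecked(session, page, forged), page.tags)
    page = Page()
    print("checked, forged   :", handle_tag_action_checked(session, page, forged), page.tags)
    print("checked, genuine  :", handle_tag_action_checked(session, page, genuine), page.tags)
```

The point to verify in a real template or controller is that the token comparison sits on the server for every state-changing branch (add and delete alike), not merely that a token field is rendered into the form; a token that is emitted but never compared gives no protection.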

Related news

GHSA-fxwr-4vq9-9vhj: XWiki Cross-Site Request Forgery (CSRF) for actions on tags

### Impact

It's possible to perform a CSRF attack for adding or removing tags on XWiki pages.

### Patches

The problem has been patched in XWiki 13.10.5 and 14.3.

### Workarounds

It's possible to fix the issue without upgrading by locally modifying the documentTags.vm template in your filesystem, to apply the changes exposed there: https://github.com/xwiki/xwiki-platform/commit/7ca56e40cf79a468cea54d3480b6b403f259f9ae.

### References

https://jira.xwiki.org/browse/XWIKI-19550

### For more information

If you have any questions or comments about this advisory:

* Open an issue in [Jira XWiki](https://jira.xwiki.org)
* Email us at [security ML](mailto:[email protected])
