WRITEUP

Exploit for CVE-2023-37911 - Xwiki < 14.10.8 - Exposure to Wrong Actor
AI Analysis

This patch addresses CVE-2023-37911 by adding authorization checks to the document revision provider in XWiki's script API. The fix ensures that users must have VIEW rights to access document revisions, preventing unauthorized access to historical document content.

Attack Type: auth_bypass
Complexity: moderate
Reliability: reliable
MITRE ATT&CK: T1068 - Exploitation for Privilege Escalation
Authors: Michael Hamann
Vulnerability: CVE-2023-37911 - Xwiki < 14.10.8 - Exposure to Wrong Actor
Severity: MEDIUM (CVSS 6.5)