CVE-2022-23617

MEDIUM

XWiki Platform < 12.10.6 - Missing Authorization via Page Template Copy

Title source: llm

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions any user with edit right can copy the content of a page it does not have access to by using it as template of a new page. This issue has been patched in XWiki 13.2CR1 and 12.10.6. Users are advised to update. There are no known workarounds for this issue.

References (4)

Core 4

Core References

Third Party Advisory x_refsource_confirm

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-gf7x-2j2x-7f73

Patch, Third Party Advisory x_refsource_misc

https://github.com/xwiki/xwiki-platform/commit/30c52b01559b8ef5ed1035dac7c34aaf805764d5

View Patch ZIP pw:eip

Patch, Third Party Advisory x_refsource_misc

https://github.com/xwiki/xwiki-platform/commit/b35ef0edd4f2ff2c974cbeef6b80fcf9b5a44554

View Patch ZIP pw:eip

Patch, Vendor Advisory x_refsource_misc

https://jira.xwiki.org/browse/XWIKI-18430

Scores

CVSS v3 6.5

EPSS 0.0093

EPSS Percentile 55.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-862

Status published

Products (4)

org.xwiki.platform/xwiki-platform-oldcore 0 - 12.10.6Maven

xwiki/xwiki 13.0

xwiki/xwiki 13.1

xwiki/xwiki < 12.10.5

Published Feb 09, 2022

Tracked Since Feb 18, 2026