Snyk has a proof-of-concept or detailed explanation of how to exploit this vulnerability.
The probability is the direct output of the EPSS model, and conveys an overall sense of the threat of exploitation in the wild. The percentile measures the EPSS probability relative to all known EPSS scores. Note: This data is updated daily, relying on the latest available EPSS model version. Check out the EPSS documentation for more details.
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applicationsLearn about Missing Authorization vulnerabilities in an interactive lesson.
Start learningUpgrade org.xwiki.platform:xwiki-platform-oldcore
to version 14.10.20, 15.5.4, 15.10-rc-1 or higher.
org.xwiki.platform:xwiki-platform-oldcore is a generic wiki platform offering runtime services for applications built on top of it.
Affected versions of this package are vulnerable to Missing Authorization due to the improper handling of user registration and PDF export templates. An attacker can execute arbitrary code by registering a new user account with a specific username and manipulating PDF export templates through crafted style
attributes.
An attacker can exploit this vulnerability if XWiki.PDFClass
does not exist by adding an object of class PDFClass
with a malicious style
attribute.
This vulnerability can be mitigated by creating the document XWiki.PDFClass
and blocking its edition after ensuring it does not contain a style
attribute. Otherwise, the instance needs to be updated.
Register a new user account with username PDFClass.
Switch your user account to advanced.
Use the class editor on the user profile and create a new "TextArea" property with name "style". Set the content type to "Plain Text".
Use the object editor on the user profile and add a new object of PDFClass. Set the "style" attribute to $services.logging.getLogger('PDFClass').error("I got programming: $services.security.authorization.hasAccess('programming')")
.
Open <xwiki-server>/xwiki/bin/export/Main/WebHome?format=pdf&pdfcover=1&pdfcover=0&pdftoc=1&pdftoc=0&pdfheader=1&pdfheader=0&pdffooter=1&pdffooter=0&comments=0&attachments=0&pdftemplate=XWiki.PDFClass
where is the URL of your XWiki installation.