CVE-2023-50719 Scanner - Information Disclosure vulnerability in XWiki
Short Info
Level: High
Scan type: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 16 days 20 hours
Scan only one: URL
Toolbox: -
XWiki is a generic wiki platform that organizations use for collaborative content creation and management. Businesses, educational institutions, and communities employ it to run shared knowledge bases and to collaborate on content. XWiki lets users create and manage pages, attach files, and hold discussions in a centralized environment, and it is valued for its extensibility and customization, often being integrated with extensions and APIs that add functionality. As a popular open-source solution, XWiki is favored for its flexibility and scalability and serves small teams and large enterprises alike. Securing XWiki deployments matters because the platform is widely used and because user profiles are publicly accessible by default.
This information disclosure vulnerability in XWiki stems from improperly restricted Solr-based search functionality. It affects versions up to 14.10.15 and lets anyone permitted to view user profiles read sensitive password hashes. By exploiting it, attackers can retrieve the password hashes of every user with a public profile. The flaw also extends to any configuration that may expose other sensitive credentials or secrets. Without appropriate segmentation of user permissions, it opens the door to significant security breaches on affected versions. Given its severity, the vulnerability requires immediate attention to safeguard sensitive information.
The vulnerability results from inadequate access control on Solr-based searches, which can be leveraged through specific search queries. These queries typically target the "propertyvalue" and "reference" attributes associated with user passwords, which makes it possible to retrieve hash data. Because user profiles are public by default, that setting is where mitigation of hash disclosure has to begin. Technically, the fix is to harden the access controls within the search feature so that unauthorized retrieval is prevented. The scanner template requests specific HTTP endpoints to determine whether these conditions hold and thereby confirms whether the vulnerability is present.
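As an added illustration of how a defender might spot the search pattern described above (this is example code, not the scanner's template or XWiki code), the following Python flags access-log requests to the Solr search page whose query string combines a property-value filter with a password term. The log lines are constructed, and the "SolrSearch" path segment is an assumption about a default XWiki install; adjust it to your deployment.

```python
import re
from urllib.parse import urlsplit, unquote

# Constructed sample access-log lines (not real traffic). Only the second
# request combines a Solr property-value filter with a password term.
SAMPLE_LOG = """\
203.0.113.10 - - [12/Jan/2024:10:01:02 +0000] "GET /xwiki/bin/view/Main/SolrSearch?text=roadmap HTTP/1.1" 200 5120
203.0.113.10 - - [12/Jan/2024:10:01:09 +0000] "GET /xwiki/bin/view/Main/SolrSearch?text=*&fq=propertyvalue%3A*&fq=reference%3A*password* HTTP/1.1" 200 8812
198.51.100.7 - - [12/Jan/2024:10:02:30 +0000] "GET /xwiki/bin/view/Main/WebHome HTTP/1.1" 200 2211
"""

# Common log format: client, identity, user, [timestamp], "METHOD URL PROTO", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

# Assumed path marker for XWiki's Solr search page; both terms must appear.
SOLR_PATH_MARKER = "solrsearch"
SUSPICIOUS_TERMS = ("propertyvalue", "password")


def parse_line(line):
    """Return the log fields as a dict, or None if the line is not in CLF shape."""
    m = LOG_RE.match(line)
    return m.groupdict() if m else None


def is_hash_harvest_query(url):
    """True when a Solr search request filters on property values and mentions passwords."""
    parts = urlsplit(url)
    if SOLR_PATH_MARKER not in parts.path.lower():
        return False
    # Decode percent-encoding once so "propertyvalue%3A" is seen as "propertyvalue:".
    query = unquote(parts.query).lower()
    return all(term in query for term in SUSPICIOUS_TERMS)


def find_suspicious(log_text):
    """Return (client_ip, timestamp, url) for every request matching the pattern."""
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec and is_hash_harvest_query(rec["url"]):
            hits.append((rec["ip"], rec["ts"], rec["url"]))
    return hits


if __name__ == "__main__":
    for ip, ts, url in find_suspicious(SAMPLE_LOG):
        print(f"{ts} {ip} suspicious Solr query: {url}")
```

A single hit is worth correlating with the XWiki version in use; on anything up to 14.10.15 it should be treated as a likely hash-harvesting attempt rather than ordinary search traffic.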
If exploited, this vulnerability could lead to significant data breaches by giving attackers a path to unauthorized access to user accounts. With password hashes exposed, malicious actors could attempt to crack them and take complete control of the affected accounts. Access to this sensitive information could also enable further attacks, including privilege escalation, unauthorized access to other sensitive data, and potential service disruptions. For the organizations affected, such breaches could result in operational setbacks, reputational damage, and legal consequences for failing to protect data. It is therefore crucial to apply the patches that remedy this flaw.