CVE-2024-45591 Scanner
CVE-2024-45591 Scanner - Unauthorized Document History Access vulnerability in XWiki Platform
Short Info
Level: Medium
Single Scan: Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 20 days 23 hours
Scan only one: URL
Toolbox: -
XWiki Platform is a powerful, open-source wiki platform designed for collaboration, content management, and project documentation. It is used by organizations, educational institutions, and individual users to create and maintain knowledge bases, wikis, and documentation. The platform is built to be highly customizable, allowing users to manage pages, add custom features, and integrate with various enterprise tools. XWiki Platform's REST API is a key part of its extensibility, allowing developers to interact with the platform programmatically. This API is intended to expose certain information about the platform while respecting access controls. However, vulnerabilities can arise when access controls are misconfigured or improperly enforced.
The 'Unauthorized Document History Access' vulnerability in XWiki Platform's REST API allows unauthorized users to access sensitive document history information. This includes page modification times, version numbers, author details, and version comments. This data is exposed even on private wikis, where it should be restricted. The vulnerability exists due to the improper enforcement of access rights for the history endpoint, making sensitive information available without the necessary permissions. This can lead to the disclosure of information that was intended to remain private, such as comments or authorship details.
The vulnerability is triggered through the REST API endpoint that exposes the history of any page. The endpoint, accessible at "{{BaseURL}}/xwiki/rest/wikis/xwiki/spaces/Main/pages/WebHome/history", does not enforce proper access controls. Unauthorized users can make a GET request to this endpoint and retrieve detailed history information for any page, including pages on private wikis. The exposed data includes modification timestamps, version comments, page IDs, and authorship information, which attackers can use to gather information on the target system. The issue is a result of improper configuration of access permissions for the endpoint.
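For asset owners verifying their own instance, the following added example (not from the original page or the XWiki project) classifies the result of an unauthenticated GET to the history endpoint above and reports which of the listed fields are disclosed. The element names (historySummary, pageId, version, modified, modifier, comment) are assumed from the XWiki REST history representation, and the sample response is constructed.

```python
import xml.etree.ElementTree as ET

# Element names assumed from the XWiki REST history representation; they map to
# the data the page lists as exposed (page IDs, versions, timestamps, authors, comments).
SENSITIVE = ("pageId", "version", "modified", "modifier", "comment")

# Constructed sample of a response from an affected instance (not real data).
SAMPLE_EXPOSED = """<history xmlns="http://www.xwiki.org">
  <historySummary>
    <pageId>xwiki:Main.WebHome</pageId>
    <version>2.1</version>
    <modified>2024-01-01T10:00:00Z</modified>
    <modifier>XWiki.ExampleUser</modifier>
    <comment>constructed comment</comment>
  </historySummary>
</history>"""

def local(tag):
    """Strip an XML namespace: '{ns}name' -> 'name'."""
    return tag.rsplit("}", 1)[-1]

def classify_history_response(status, body):
    """Return (verdict, leaked_fields) for an unauthenticated GET result."""
    if status in (401, 403):
        return "denied", []            # access control is being enforced
    if status != 200:
        return "inconclusive", []      # redirects, 404, 5xx: check manually
    if "<!DOCTYPE" in body or "<!ENTITY" in body:
        return "inconclusive", []      # refuse DTDs rather than expand entities
    try:
        root = ET.fromstring(body)
    except ET.ParseError:
        return "inconclusive", []      # e.g. a non-XML error or login page
    leaked = set()
    for node in root.iter():
        if local(node.tag) != "historySummary":
            continue
        for child in node:
            name = local(child.tag)
            if name in SENSITIVE and (child.text or "").strip():
                leaked.add(name)
    if leaked:
        return "exposed", sorted(leaked)
    return "no_data", []               # 200 but no history entries disclosed

if __name__ == "__main__":
    print(classify_history_response(200, SAMPLE_EXPOSED))
```

Feed it the status code and body obtained from a logged-out request to a page that guests should not be able to view; a verdict of "exposed" means history metadata is readable without the required rights.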
If exploited, this vulnerability can lead to unauthorized information disclosure. Attackers could access sensitive historical data about internal documentation or private wikis, potentially exposing user comments, modification details, and author identities. This could result in privacy violations or reveal critical operational information that could aid further attacks. Additionally, it could lead to reputation damage for the organization if sensitive information is exposed. In the worst case, an attacker could use this data to plan social engineering attacks against users.