SB2022020951 - Multiple vulnerabilities in XWiki platform
Published: February 9, 2022 Updated: May 5, 2026
Description
This security bulletin contains information about 3 vulnerabilities.
1) Missing Authorization (CVE-ID: CVE-2022-23621)
The vulnerability allows a remote user to disclose sensitive information.
The vulnerability exists due to missing authorization in XWiki#invokeServletAndReturnAsString when handling servlet path input. A remote privileged user can request a file path within the WAR to disclose sensitive information.
Before XWiki 7.4, the same access was possible with EDIT right instead of SCRIPT right.
2) Relative Path Traversal (CVE-ID: CVE-2022-23620)
The vulnerability allows a remote user to modify files outside the intended export directory and cause a denial of service.
The vulnerability exists due to relative path traversal in AbstractSxExportURLFactoryActionHandler#processSx when serializing an SSX or JSX document reference to the filesystem during HTML export. A remote privileged user can create and use an SSX or JSX reference containing "../" to modify files outside the intended export directory and cause a denial of service.
User interaction is required to trigger the export process.
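As an added illustration of the export-path containment check this issue calls for (this is not XWiki's code; the export root, reference strings and file extension are constructed), the unchecked join is shown beside a hardened version that refuses any SSX/JSX reference resolving outside the export directory:

```python
# Added example, not XWiki code. Export root and references are constructed.
import os
from pathlib import Path


class UnsafeReferenceError(ValueError):
    """A document reference would resolve outside the export directory."""


def export_path_unchecked(export_root: str, doc_reference: str, extension: str) -> str:
    # Vulnerable pattern: the reference is joined into the path as-is, so a
    # reference containing "../" climbs out of the export directory.
    return os.path.join(export_root, f"{doc_reference}.{extension}")


def export_path_checked(export_root: str, doc_reference: str, extension: str) -> str:
    # Hardened pattern: normalise the candidate path, then require that it
    # still sits under the resolved export root. An absolute reference, or
    # one with enough "../" segments to leave the root, is rejected.
    root = Path(export_root).resolve()
    candidate = (root / f"{doc_reference}.{extension}").resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise UnsafeReferenceError(
            f"reference {doc_reference!r} resolves outside {root}"
        ) from None
    return str(candidate)


def reference_accepted(export_root: str, doc_reference: str, extension: str = "css") -> bool:
    # Convenience wrapper: True when the hardened check lets the reference through.
    try:
        export_path_checked(export_root, doc_reference, extension)
        return True
    except UnsafeReferenceError:
        return False


def escapes_root(export_root: str, path: str) -> bool:
    # True when the normalised path is not under the export root.
    root = os.path.normpath(export_root) + os.sep
    return not os.path.normpath(path).startswith(root)


if __name__ == "__main__":
    root = "/tmp/xwiki-export"  # constructed export directory
    for ref in ("XWiki.MySkinExtension", "../../outside", "/opt/absolute-ref"):
        unchecked = export_path_unchecked(root, ref, "css")
        print(f"{ref!r}: unchecked={unchecked} escapes={escapes_root(root, unchecked)}")
        print(f"{ref!r}: accepted by hardened check: {reference_accepted(root, ref)}")
```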
3) Information disclosure (CVE-ID: CVE-2022-23619)
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to exposure of sensitive information in the "Forgot your password?" form when handling password reset requests. A remote attacker can submit a username to determine whether an account exists to disclose sensitive information.
The issue can be exploited even if the wiki is closed to guest users.
Remediation
Install the update from the vendor's website.
References
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-2jhm-qp48-hv5j
- https://jira.xwiki.org/browse/XWIKI-18870
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-7ph6-5cmq-xgjq
- https://jira.xwiki.org/browse/XWIKI-18819
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-35fg-hjcr-j65f
- https://jira.xwiki.org/browse/XWIKI-18787