SB2022090781 - Multiple vulnerabilities in XWiki platform
Published: September 7, 2022 Updated: May 5, 2026
Description
This security bulletin contains information about 3 vulnerabilities.
1) Authentication bypass using an alternate path or channel (CVE-ID: CVE-2022-36092)
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists because the login action renders a template that is named directly in the request, and this path does not apply the access checks that the normal view path enforces (authentication bypass using an alternate path or channel). A remote attacker can request a restricted document through the login action and have it rendered by the chosen template, disclosing its content without logging in.
This can expose document titles, content, comments, and object properties (the latter when the class and property names are known), including on private wikis where an unauthenticated visitor should see nothing.
2) Exposure of Private Information ('Privacy Violation') (CVE-ID: CVE-2022-36091)
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to improper access control in the suggest feature: when asked for autocompletion values of an object property, it returns those values without properly checking the requester's access to the objects they come from. A remote attacker can send a specially crafted suggest request to disclose sensitive information.
This can expose the values of string and list properties of objects across the wiki, including private personal information such as email addresses and salted password hashes stored on user profiles, as well as sensitive configuration fields.
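Both issues above leave a recognisable trace in web-server access logs: a login-action request that carries a template parameter (issue 1), and suggest requests that target properties no ordinary autocompletion needs (issue 2). The scanner below is an added example written for this bulletin, not code from the bulletin or from XWiki. It assumes that XWiki selects a rendering template with the `xpage` query parameter, that the suggest feature is reached as the `suggest` template with `classname` and `fieldname` parameters, and it runs over constructed sample log lines.

```python
"""Scan web-server access logs for request shapes matching the two
information-disclosure issues above (CVE-2022-36092 and CVE-2022-36091).

Added example, not code from the bulletin or from XWiki. Assumptions:
  * XWiki selects a rendering template with the ``xpage`` query parameter.
  * The suggest feature is the ``suggest`` template and takes ``classname``
    and ``fieldname`` parameters naming the object class and property.
The log lines in SAMPLE_LOG are constructed for this example.
"""
import re
from dataclasses import dataclass
from urllib.parse import parse_qs, urlsplit

# Common/combined log format: client, identd, user, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

# Class/property pairs whose values are most damaging to enumerate through
# suggest. Assumed starting set; the real list depends on the deployment.
SENSITIVE_FIELDS = {
    "xwiki.xwikiusers": {"email", "password"},
}

# Constructed sample log. The template name on the login request and the
# suggest parameters are illustrative, not a reproduction recipe.
SAMPLE_LOG = """\
198.51.100.7 - - [07/Sep/2022:10:01:13 +0000] "GET /xwiki/bin/view/Main/WebHome HTTP/1.1" 200 5120
198.51.100.7 - - [07/Sep/2022:10:01:20 +0000] "GET /xwiki/bin/login/XWiki/XWikiLogin HTTP/1.1" 200 2048
203.0.113.5 - - [07/Sep/2022:10:02:41 +0000] "GET /xwiki/bin/login/Sales/Contracts?xpage=plain HTTP/1.1" 200 9400
203.0.113.5 - - [07/Sep/2022:10:03:02 +0000] "GET /xwiki/bin/view/Main/WebHome?xpage=suggest&classname=XWiki.XWikiUsers&fieldname=email&input=a HTTP/1.1" 200 780
203.0.113.5 - - [07/Sep/2022:10:03:09 +0000] "GET /xwiki/bin/view/Main/WebHome?xpage=suggest&classname=XWiki.XWikiUsers&fieldname=password&input= HTTP/1.1" 200 1210
10.0.0.4 - - [07/Sep/2022:10:04:00 +0000] "GET /xwiki/bin/view/Main/WebHome?xpage=suggest&classname=XWiki.XWikiUsers&fieldname=first_name&input=jo HTTP/1.1" 200 300
"""


@dataclass(frozen=True)
class Finding:
    ip: str
    cve: str
    path: str
    reason: str


def xwiki_action(path: str):
    """Return the XWiki action from a /.../bin/<action>/<Space>/<Page> path."""
    segs = urlsplit(path).path.strip("/").split("/")
    if "bin" in segs and segs.index("bin") + 1 < len(segs):
        return segs[segs.index("bin") + 1].lower()
    return None


def classify(path: str):
    """Map a request path to (CVE id, reason), or None if it looks benign.

    Rule 1: the login action carrying a template parameter, which the normal
    login page does not need, matches CVE-2022-36092.
    Rule 2: a suggest query for a property that should never be enumerable
    matches CVE-2022-36091. Ordinary suggest traffic (user pickers and similar
    UI autocompletion) is legitimate, so only the sensitive fields are flagged.
    """
    qs = {k.lower(): v for k, v in
          parse_qs(urlsplit(path).query, keep_blank_values=True).items()}
    xpage = [v.lower() for v in qs.get("xpage", [])]
    if xwiki_action(path) == "login" and xpage:
        return "CVE-2022-36092", f"login action rendering template {xpage[0]!r}"
    if "suggest" in xpage:
        classname = qs.get("classname", [""])[0].lower()
        fields = {f.lower() for f in qs.get("fieldname", [])}
        hit = fields & SENSITIVE_FIELDS.get(classname, set())
        if hit:
            return "CVE-2022-36091", f"suggest enumeration of {classname} {sorted(hit)}"
    return None


def scan(lines):
    """Parse access-log lines and return the requests matching either rule."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line we understand
        verdict = classify(m["path"])
        if verdict:
            findings.append(Finding(m["ip"], verdict[0], m["path"], verdict[1]))
    return findings


def by_client(findings):
    """Count findings per client address, useful for triage."""
    counts = {}
    for f in findings:
        counts[f.ip] = counts.get(f.ip, 0) + 1
    return counts


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG.splitlines()):
        print(f"{f.ip}  {f.cve}  {f.reason}\n    {f.path}")
```

On the constructed log the scanner reports three requests, all from 203.0.113.5: the login-action request with a template parameter, and the two suggest queries for the email and password properties of XWiki.XWikiUsers; the first_name lookup from 10.0.0.4 is ordinary autocompletion and is not flagged. Extend SENSITIVE_FIELDS with whatever configuration classes your deployment stores secrets in.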
3) Improper privilege management (CVE-ID: CVE-2022-31166)
The vulnerability allows a remote user to escalate privileges.
The vulnerability exists due to improper privilege management in how XWikiRights objects resolve their group list when a right is edited with the object editor. A remote user can append a supplementary empty group value to the right; that empty value is resolved as a reference to the page XWiki.WebHome. The user then adds an XWiki.XWikiGroups object to XWiki.WebHome that lists themselves as a member, which grants them the privileges attached to the edited right.
The issue depends on XWiki.WebHome being editable by that user, since the empty group value resolves to that page. Until the update is installed, confirming that ordinary users cannot edit XWiki.WebHome closes the path described here.
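The mechanism is easier to see in a small model of the rights check, with the pre-fix group resolution next to a hardened one. This is an added, simplified re-implementation written for this bulletin, not XWiki's own code. It assumes that a rights object stores its groups as a comma-separated string of document references and that a reference with an empty page name resolves to WebHome of the default space (XWiki), which is the XWiki.WebHome behaviour the bulletin describes; the class and property names (XWiki.XWikiRights with levels, allow, users and groups; XWiki.XWikiGroups with member) follow XWiki's naming, and the wiki contents are constructed.

```python
"""Simplified model of the group-resolution flaw behind CVE-2022-31166, with
a hardened resolver next to the vulnerable one.

Added example; this is an illustrative re-implementation, not XWiki's code.
Assumptions: a rights object stores its groups as a comma-separated string of
document references, and a reference with an empty page name resolves to
WebHome of the default space (XWiki), giving XWiki.WebHome as the bulletin
describes. Class and property names (XWiki.XWikiRights with levels/allow/
users/groups, XWiki.XWikiGroups with member) follow XWiki's naming.
"""
from dataclasses import dataclass, field


@dataclass
class Obj:
    cls: str                        # object class, e.g. "XWiki.XWikiRights"
    props: dict = field(default_factory=dict)


@dataclass
class Doc:
    objects: list = field(default_factory=list)


def resolve(ref: str, default_space: str = "XWiki"):
    """Resolve a reference string to (space, page) relative to XWiki.WebHome:
    'Space.Page' is taken as written, 'Page' falls back to the default space,
    and an empty string falls back to the default page entirely."""
    ref = ref.strip()
    if not ref:
        return (default_space, "WebHome")   # the behaviour the bulletin describes
    if "." in ref:
        space, page = ref.rsplit(".", 1)
        return (space, page)
    return (default_space, ref)


def vulnerable_groups(groups_field: str):
    """Before the fix: every entry is resolved, so "A," yields A and XWiki.WebHome."""
    return [resolve(g) for g in groups_field.split(",")]


def fixed_groups(groups_field: str):
    """After the fix: blank entries are ignored instead of being resolved."""
    return [resolve(g) for g in groups_field.split(",") if g.strip()]


def member_groups(wiki, user):
    """References of every document carrying an XWikiGroups object naming the user."""
    return {ref for ref, doc in wiki.items()
            for o in doc.objects
            if o.cls == "XWiki.XWikiGroups" and o.props.get("member") == user}


def allowed(wiki, doc_ref, user, right, group_resolver):
    """Does an allow-type XWikiRights object on doc_ref grant `right` to the user,
    directly or through a group produced by `group_resolver`?"""
    user_groups = member_groups(wiki, user)
    for o in wiki[doc_ref].objects:
        if o.cls != "XWiki.XWikiRights" or o.props.get("allow") != 1:
            continue
        if right not in o.props.get("levels", "").split(","):
            continue
        if user in [u.strip() for u in o.props.get("users", "").split(",")]:
            return True
        if user_groups & set(group_resolver(o.props.get("groups", ""))):
            return True
    return False


def build_wiki():
    """Constructed scenario: Sales.Contracts is editable only by XWiki.FinanceGroup."""
    return {
        ("Sales", "Contracts"): Doc([Obj("XWiki.XWikiRights", {
            "levels": "edit", "allow": 1, "users": "", "groups": "XWiki.FinanceGroup"})]),
        ("XWiki", "FinanceGroup"): Doc([Obj("XWiki.XWikiGroups", {"member": "XWiki.Alice"})]),
        ("XWiki", "WebHome"): Doc(),
    }


def run_attack(wiki, attacker="XWiki.Mallory"):
    """The two steps the bulletin describes, applied to the model."""
    rights = wiki[("Sales", "Contracts")].objects[0]
    rights.props["groups"] += ","                 # supplementary empty group value
    wiki[("XWiki", "WebHome")].objects.append(    # group object on the page the blank resolves to
        Obj("XWiki.XWikiGroups", {"member": attacker}))
    return wiki


if __name__ == "__main__":
    w = run_attack(build_wiki())
    target = ("Sales", "Contracts")
    print("vulnerable:", allowed(w, target, "XWiki.Mallory", "edit", vulnerable_groups))
    print("fixed:     ", allowed(w, target, "XWiki.Mallory", "edit", fixed_groups))
```

With the vulnerable resolver the trailing empty entry turns into XWiki.WebHome, and because that page now carries a group object naming XWiki.Mallory, the edit right on Sales.Contracts is granted; with blank entries dropped the same rights object grants nothing to Mallory while XWiki.Alice keeps her access through XWiki.FinanceGroup. The model also shows why the page being editable matters: without the second step, the stray XWiki.WebHome reference is harmless.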
Remediation
Install the update from the vendor's website; the fixed versions are listed in the GitHub security advisories referenced below.
References
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-8h89-34w2-jpfm
- https://jira.xwiki.org/browse/XWIKI-19549
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-599v-w48h-rjrm
- https://jira.xwiki.org/browse/XWIKI-18849
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-g4h6-qp44-wqvx
- https://jira.xwiki.org/browse/XWIKI-18386