XWiki Platform 5.0-12.10.10/13.x: Security Cache Bypass for Role Overwrite
CVE-2022-31167 Published on September 7, 2022

XWiki Platform Security Parent POM vulnerable to overwriting of security rules of a page with a final page having the same reference
XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Starting with version 5.0 and prior to 12.10.11, 13.10.1, and 13.4.6, a bug in the security cache stores the rules associated with document Page1.Page2 and space Page1.Page2 in the same cache entry. That means it is possible to overwrite the rights of a space or a document by creating the page of the space with the same name and checking the rights of the new one first, so that they end up in the security cache and are then used for the other as well. The problem has been patched in XWiki 12.10.11, 13.10.1, and 13.4.6. There are no known workarounds.
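
The shared cache entry described above can be modelled in a few lines. This is an added illustration, not XWiki code: the class and function names, the users and the sample rules are constructed, and putting the entity type into the cache key is an assumed way to keep the entries apart, not taken from the XWiki patch.

```python
# Simplified model of a security-rule cache; all names here are hypothetical.
from dataclasses import dataclass


@dataclass(frozen=True)
class EntityRef:
    kind: str  # "space" or "document"
    path: str  # e.g. "Page1.Page2"


# Constructed sample rules: the space is restricted, the same-named document is not.
RULES = {
    EntityRef("space", "Page1.Page2"): {"view": {"admin"}},
    EntityRef("document", "Page1.Page2"): {"view": {"admin", "alice"}},
}


def flawed_key(ref):
    # Key ignores the entity type, so space and document share one entry.
    return ref.path


def typed_key(ref):
    # Assumed fix: the entity type is part of the key.
    return (ref.kind, ref.path)


class RuleCache:
    def __init__(self, key_func):
        self.key_func = key_func
        self.entries = {}

    def has_access(self, user, right, ref):
        key = self.key_func(ref)
        if key not in self.entries:  # first lookup populates the entry
            self.entries[key] = RULES[ref]
        return user in self.entries[key].get(right, set())


def check_order(key_func):
    """Check the document first, then the space, as in the advisory."""
    cache = RuleCache(key_func)
    doc = cache.has_access("alice", "view", EntityRef("document", "Page1.Page2"))
    space = cache.has_access("alice", "view", EntityRef("space", "Page1.Page2"))
    return doc, space, len(cache.entries)


if __name__ == "__main__":
    print("flawed:", check_order(flawed_key))  # space check reuses document rules
    print("typed: ", check_order(typed_key))
```

With the flawed key the space check is answered from the document's rules; with the typed key each entity keeps its own entry and the space check is denied.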


Vulnerability Analysis

CVE-2022-31167 can be exploited with network access and requires a small amount of user privileges. This vulnerability is considered to have a low attack complexity. A proof of concept (POC) exploit for CVE-2022-31167 is publicly available. The potential impact of an exploit of this vulnerability is considered to have a high impact on confidentiality, with no impact on integrity, and no impact on availability.

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: LOW
Availability Impact: NONE

Weakness Types

What is an AuthZ Vulnerability?

The software does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

CVE-2022-31167 has been classified as an AuthZ vulnerability or weakness.

What is an AuthZ Vulnerability?

The software does not perform an authorization check when an actor attempts to access a resource or perform an action.

CVE-2022-31167 has been classified as an AuthZ vulnerability or weakness.


Products Associated with CVE-2022-31167


Affected Versions

xwiki-platform:

Vulnerable Packages

The following package name and versions may be associated with CVE-2022-31167:

| Package Manager | Vulnerable Package | Versions | Fixed In |
|---|---|---|---|
| maven | org.xwiki.platform:xwiki-platform-security | >= 5.0, < 12.10.11 | 12.10.11 |
| maven | org.xwiki.platform:xwiki-platform-security | >= 13.0, < 13.4.6 | 13.4.6 |
| maven | org.xwiki.platform:xwiki-platform-security | >= 13.10, < 13.10.1 | 13.10.1 |

Exploit Probability

EPSS: 0.49%
Percentile: 65.99%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.