XWiki OIDC auth bypass via request param, fixed in 1.29.1
CVE-2022-39387 Published on November 4, 2022
XWiki OIDC Authenticator vulnerable to OpenID login bypass due to improper authentication
XWiki OIDC provides various tools for working with the OpenID Connect protocol in XWiki. Prior to version 1.29.1, even if a wiki has an OpenID provider configured through its xwiki.properties, it is possible to supply the details of a third-party provider through request parameters. One can then bypass XWiki authentication altogether by specifying one's own provider through the oidc.endpoint.* request parameters (or by using an XWiki-based OpenID provider with oidc.xwikiprovider). With the same approach, one could also supply a specific group mapping through oidc.groups.mapping that would automatically make the user a member of XWikiAdminGroup. This issue has been patched; please upgrade to 1.29.1. There is no workaround; an upgrade of the authenticator is required.
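As an added defensive example (not part of this advisory or of the XWiki OIDC project), the following Python scans web-server access log lines for the three request-parameter families the description names, so that pre-1.29.1 installations can check whether such parameters were ever presented to the login endpoint. The combined log format, the request paths and the parameter values in the sample are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request-parameter families the advisory names as able to override the
# provider configured in xwiki.properties (XWiki OIDC before 1.29.1).
SUSPICIOUS_PREFIXES = ("oidc.endpoint.", "oidc.xwikiprovider", "oidc.groups.mapping")

# Combined-format access log line: client, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def suspicious_oidc_params(target):
    """Return the sorted names of query parameters in a request target that
    belong to one of the SUSPICIOUS_PREFIXES families (empty list if none)."""
    names = [n for n, _ in parse_qsl(urlsplit(target).query, keep_blank_values=True)]
    return sorted({n for n in names if n.startswith(SUSPICIOUS_PREFIXES)})

def scan_access_log(lines):
    """Return (client ip, timestamp, target, matched params) for every parsable
    line whose query string carries one of the suspicious parameter families."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        params = suspicious_oidc_params(m["target"])
        if params:
            hits.append((m["ip"], m["ts"], m["target"], params))
    return hits

# Constructed sample lines (documentation-range IPs, illustrative values). The
# third line carries a parameter named exactly "oidc.endpoint", which is not in
# the "oidc.endpoint.*" family and must not be flagged.
SAMPLE_LOG = """\
203.0.113.7 - - [04/Nov/2022:10:15:02 +0000] "GET /xwiki/bin/view/Main/ HTTP/1.1" 200 5123
203.0.113.7 - - [04/Nov/2022:10:15:09 +0000] "GET /xwiki/bin/login/XWiki/XWikiLogin?oidc.endpoint.authorization=https%3A%2F%2Fidp.example%2Fauth HTTP/1.1" 302 0
192.0.2.9 - - [04/Nov/2022:10:16:40 +0000] "GET /xwiki/bin/login/XWiki/XWikiLogin?oidc.endpoint=x HTTP/1.1" 302 0
198.51.100.4 - - [04/Nov/2022:10:17:01 +0000] "GET /xwiki/bin/login/XWiki/XWikiLogin?oidc.xwikiprovider=https%3A%2F%2Fwiki.example%2Fxwiki&oidc.groups.mapping=XWikiAdminGroup%3Dstaff HTTP/1.1" 302 0
""".splitlines()

if __name__ == "__main__":
    for ip, ts, target, params in scan_access_log(SAMPLE_LOG):
        print(f"{ts} {ip} {params} {target}")
```

Parameters sent in a POST body do not appear in the access-log request line, so this only covers query-string use; a hit is a reason to review the session and the membership of XWikiAdminGroup, not proof of compromise.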
Vulnerability Analysis
CVE-2022-39387 can be exploited with network access and requires neither authorization privileges nor user interaction. This vulnerability is considered to have low attack complexity. An exploit of this vulnerability is considered to have a high impact on confidentiality, no impact on integrity, and a high impact on availability.
Weakness Type
What is an authentication vulnerability?
When an actor claims to have a given identity, the software does not prove or insufficiently proves that the claim is correct.
CVE-2022-39387 has been classified as an authentication vulnerability or weakness.
Products Associated with CVE-2022-39387
XWiki OpenID Connect and XWiki.
Affected Versions
xwiki-contrib oidc Version < 1.29.1 is affected by CVE-2022-39387
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.