CVE-2023-22457

org.xwiki.contrib:application-ckeditor-ui vulnerable to Remote Code Execution via Cross-Site Request Forgery

CVSS 9.1 CRITICAL | EPSS 18.7% | CWE-352
In short

CKEditor Integration UI in XWiki lacks CSRF protection, allowing an attacker to trick a privileged user into executing malicious macros that can run arbitrary code. This could let attackers take control of the wiki, steal sensitive data, or disable it.

Technical detail

The CKEditor.HTMLConverter document fails to validate CSRF tokens on macro execution requests. An attacker can craft a malicious GET request (via embedded image URL or redirect) that executes macros with the privileges of an authenticated user with programming rights, resulting in remote code execution and privilege escalation.

Summary generated and translated by AI from the official description.
CKEditor Integration UI adds support for editing wiki pages using CKEditor. Prior to version 1.64.3, the `CKEditor.HTMLConverter` document lacked protection against Cross-Site Request Forgery (CSRF), allowing macros to be executed with the rights of the current user. If a privileged user with programming rights was tricked into executing a GET request to this document with certain parameters (e.g., via an image with a corresponding URL embedded in a comment or via a redirect), this would allow arbitrary remote code execution and the attacker could gain rights, access private information or impact the availability of the wiki. The issue has been patched in the CKEditor Integration version 1.64.3. This has also been patched in the version of the CKEditor integration that is bundled starting with XWiki 14.6 RC1. There are no known workarounds for this other than upgrading the CKEditor integration to a fixed version.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
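As an added illustration of the missing check (example code, not XWiki's own implementation), the following Python model contrasts a macro-conversion handler that executes on any request, including a GET triggered by an embedded image URL, with one that only accepts a POST carrying a per-session token. The names `Session`, `convert_vulnerable`, `convert_hardened` and the `form_token` parameter are assumptions for this example.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    """Hypothetical server-side session. The CSRF token is minted once per
    session and only ever reaches the browser inside a form, never in a URL,
    so a forged cross-site request cannot know it."""
    user: str
    programming_rights: bool
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


def render_macro(macro_name: str, session: Session) -> str:
    """Stand-in for macro rendering: the macro runs with the caller's rights,
    which is why a forged request from a programming-rights user is so severe."""
    return f"<macro name={macro_name!r} run_as={session.user!r}>"


def convert_vulnerable(method: str, params: dict, session: Session) -> tuple[bool, str]:
    """The pattern the advisory describes: no method restriction and no token
    check, so a GET from an <img src=...> in a comment executes the macro."""
    return True, render_macro(params["macro"], session)


def convert_hardened(method: str, params: dict, session: Session) -> tuple[bool, str]:
    """State-changing or privileged work must not be reachable via GET, and the
    request must prove it originated from the wiki's own form via the token."""
    if method != "POST":
        return False, "rejected: macro execution is not allowed via GET"
    supplied = params.get("form_token", "")
    # Constant-time comparison so the check does not leak token bytes via timing.
    if not hmac.compare_digest(supplied, session.csrf_token):
        return False, "rejected: missing or invalid CSRF token"
    return True, render_macro(params["macro"], session)


if __name__ == "__main__":
    # Constructed scenario: a forged GET carries the macro parameter but no token.
    victim = Session(user="admin", programming_rights=True)
    forged = {"macro": "example"}
    print(convert_vulnerable("GET", forged, victim))
    print(convert_hardened("GET", forged, victim))
    print(convert_hardened("POST", {**forged, "form_token": victim.csrf_token}, victim))
```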
