CVE-2023-40573
CVSS 3.1 Score 8.8 of 10 (high)
Details
Published Aug 24, 2023
Updated: Sep 1, 2023
CWE ID 284
Summary
CVE-2023-40573 is a vulnerability affecting the XWiki Platform, a generic wiki solution. The issue lies in the platform's scheduled job functionality, which uses Groovy scripts and does not properly check whether the content author has programming rights. An attacker with edit access to the wiki can exploit this, together with a CSRF vulnerability in the job scheduler, to achieve remote code execution. Successful attacks will result in an error log entry noting "Job content executed." This vulnerability has been addressed in XWiki versions 14.10.9 and 15.4RC1.
Affected Products
- Xwiki
Affected Vendors
- xwiki