CVE-2023-40573

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Aug 24, 2023
Updated: Sep 1, 2023
CWE ID 284

Summary

CVE-2023-40573 is a vulnerability affecting the XWiki Platform, a generic wiki solution. The issue lies in the platform's scheduled job functionality, which uses Groovy scripts and does not properly check the content author for programming rights. An attacker with edit access to the wiki can exploit this, together with a CSRF vulnerability in the job scheduler, to execute remote code. Successful attacks will result in an error log entry noting "Job content executed." This vulnerability has been addressed in XWiki versions 14.10.9 and 15.4RC1.
