CVE-2022-41931

high-risk
Published 2022-11-23

xwiki-platform-icon-ui is vulnerable to Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection'). Any user with view rights on commonly accessible documents that include the icon picker macro can execute arbitrary Groovy, Python or Velocity code in XWiki, because the parameters of the icon picker macro are not properly neutralized before being evaluated. The problem has been patched in XWiki 13.10.7, 14.5 and 14.4.2. Workarounds: The [patch](https://github.com/xwiki/xwiki-platform/commit/47eb8a5fba550f477944eb6da8ca91b87eaf1d01) can be applied manually by editing `IconThemesCode.IconPickerMacro` in the object editor. Alternatively, the whole document can be replaced with the current version by importing it from the XAR archive of a fixed version, since the only changes to that document have been security fixes and small formatting changes.

Do I need to act?

- EPSS: 18.9% chance of exploitation in the next 30 days (higher than 81% of all CVEs)
- Not on the CISA KEV list: no confirmed active exploitation reported to CISA
- Fix available. Upgrade to: 950f435a66fb9fe437d27df8a6aaf20e01322e1f, cc3304eb18e40b836f37b9ee12ffa15c9f99285a
- CVSS 9.9/10 Critical (attack vector: NETWORK; attack complexity: LOW)

Affected Products (5)

Affected Vendors

Risk score: 58/100 (high-risk)
- Severity 33/34 · Critical
- Exploitability 13/34 · Low
- Exposure 12/34 · Low