CVE-2023-50719 in XWiki
Summary
by MITRE • 12/15/2023
XWiki Platform is a generic wiki platform. Starting in 7.2-milestone-2 and prior to versions 14.10.15, 15.5.2, and 15.7-rc-1, the Solr-based search in XWiki discloses the password hashes of all users to anyone with view right on the respective user profiles. By default, all user profiles are public. This vulnerability also affects any configurations used by extensions that contain passwords like API keys that are viewable by the attacker. Normally, such passwords aren't accessible, but this vulnerability would disclose them as plain text. This has been patched in XWiki 14.10.15, 15.5.2 and 15.7RC1. There are no known workarounds for this vulnerability.
Analysis
by VulDB Data Team • 12/16/2023
CVE-2023-50719 affects XWiki Platform, a generic wiki platform used as a collaborative environment for documentation and knowledge sharing. The flaw was introduced in 7.2-milestone-2 and is present in every release before 14.10.15, 15.5.2 and 15.7-rc-1, so any organization running an older XWiki for its documentation is exposed. It sits in the Solr-based search, which indexes the content of wiki pages together with the objects attached to them, including user profiles and the configuration pages that extensions store in the wiki.
The root cause is an access-control gap in the indexing step, not in the search page itself. The Solr indexer copies object properties into the index without excluding password-typed properties, so the password hash stored on each user's profile page ends up among the indexed fields for that page. Search results are then access-controlled at the granularity of the page: anyone who holds view right on a profile page receives every field the indexer stored for it, hash included. Because user profiles are public by default, "anyone with view right" normally includes unauthenticated visitors, so an attacker without an account can collect the hashes of all users in one pass. Only profiles whose view right has been restricted are shielded, and only from users who lack that right. The result is a failure of least privilege: a value that the normal display layer never shows is reachable through a second path that does not apply the same filter.
The impact is not limited to user credentials. Extensions keep their configuration in wiki pages as well, and some of those configurations hold secrets such as API keys. The same indexing path makes those values searchable as plain text for anyone who can view the configuration page, even though the display layer would normally mask them. A leaked API key or token can give the attacker a foothold in whatever external service the wiki integrates with, so a read-only disclosure in the wiki can turn into a wider compromise. The weakness is classified as CWE-200, exposure of sensitive information to an unauthorized actor. For an organization running XWiki this means possible account takeover once a hash is cracked, privilege escalation if an administrator's hash is among those collected, and exposure of connected systems that trust the leaked keys.
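The two paragraphs above describe one mechanism seen from two angles: a display layer that masks password-typed fields, and an indexer that copies every property into the search index, where per-page view right is the only control. The model below is an added illustration written for this page, not XWiki code. The property type marker, the `property.<class>.<name>` field-name scheme, the sample user profile and extension configuration, and the hash and key values are all constructed for the example.

```python
"""Toy model of how an object-property search index can leak password fields.

Everything here is illustrative: the property model, the field-name scheme
(property.<class>.<name>) and both indexers are constructed for this example
and are not XWiki code.
"""
from dataclasses import dataclass, field
from typing import Callable, Dict, List

PASSWORD_TYPE = "Password"  # assumed marker for password-typed class properties


@dataclass
class XProperty:
    name: str
    ptype: str  # e.g. "String", "TextArea", "Password"
    value: str


@dataclass
class XObject:
    xclass: str  # e.g. "XWiki.XWikiUsers"
    properties: List[XProperty]


@dataclass
class Document:
    ref: str
    public: bool  # True if unauthenticated visitors hold view right on the page
    objects: List[XObject] = field(default_factory=list)


def render_for_view(obj: XObject) -> Dict[str, str]:
    """The normal display path: password-typed values are masked, never shown."""
    return {p.name: "********" if p.ptype == PASSWORD_TYPE else p.value
            for p in obj.properties}


def index_vulnerable(doc: Document) -> Dict[str, str]:
    """Pre-fix behaviour: every object property is copied into the index verbatim."""
    fields = {"reference": doc.ref, "_public": str(doc.public)}
    for obj in doc.objects:
        for p in obj.properties:
            fields[f"property.{obj.xclass}.{p.name}"] = p.value
    return fields


def index_fixed(doc: Document) -> Dict[str, str]:
    """Post-fix behaviour: password-typed properties are excluded at index time.
    Masking at display time is not enough, because search returns stored fields."""
    fields = {"reference": doc.ref, "_public": str(doc.public)}
    for obj in doc.objects:
        for p in obj.properties:
            if p.ptype == PASSWORD_TYPE:
                continue  # never let a secret reach the index
            fields[f"property.{obj.xclass}.{p.name}"] = p.value
    return fields


def search(index: List[Dict[str, str]], term: str, authenticated: bool) -> List[Dict[str, str]]:
    """Return the stored fields of every matching document the caller may view.
    Access control is per document: whoever may view the page receives all the
    fields the indexer stored for it, which is why filtering must happen at index time."""
    hits = []
    for doc in index:
        if not (authenticated or doc["_public"] == "True"):
            continue
        if any(term in v for k, v in doc.items() if not k.startswith("_")):
            hits.append(doc)
    return hits


def leaked_secrets(doc: Document, indexer: Callable[[Document], Dict[str, str]]) -> List[str]:
    """Audit helper: names of index fields that carry a password-typed value."""
    secrets = {p.value for obj in doc.objects for p in obj.properties
               if p.ptype == PASSWORD_TYPE}
    return sorted(name for name, val in indexer(doc).items() if val in secrets)


# Constructed sample data (not real hashes or keys).
USER_PROFILE = Document("XWiki.Alice", public=True, objects=[
    XObject("XWiki.XWikiUsers", [
        XProperty("first_name", "String", "Alice"),
        XProperty("password", PASSWORD_TYPE, "hash:constructed-salt:constructed-digest"),
    ])])
EXT_CONFIG = Document("Example.ExtensionConfig", public=True, objects=[
    XObject("Example.ConfigClass", [
        XProperty("endpoint", "String", "https://api.example.invalid"),
        XProperty("apiKey", PASSWORD_TYPE, "constructed-api-key-value"),
    ])])
DOCS = [USER_PROFILE, EXT_CONFIG]


def guest_sees_secret(indexer: Callable[[Document], Dict[str, str]], term: str, secret: str) -> bool:
    """Does an unauthenticated search for `term` return `secret` in any stored field?"""
    index = [indexer(d) for d in DOCS]
    return any(secret in hit.values() for hit in search(index, term, authenticated=False))


if __name__ == "__main__":
    print("display layer:", render_for_view(USER_PROFILE.objects[0]))
    print("leaked before fix:", leaked_secrets(USER_PROFILE, index_vulnerable))
    print("leaked after fix:", leaked_secrets(USER_PROFILE, index_fixed))
```

The point of `search` is that it checks view right on the whole page and then hands back every stored field: no per-field filter exists at query time, so the only safe place to drop password-typed properties is `index_fixed`, before they are written. `leaked_secrets` is the kind of check a reviewer can run over any indexer to confirm that no password-typed value survives into the index.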
Remediation is to upgrade to XWiki 14.10.15, 15.5.2 or 15.7RC1, where the Solr indexer no longer indexes password-typed properties, so password hashes and API keys never reach the search index. No workaround exists for unpatched versions, so upgrading is the only fix, and the exposure is widest on default installations, where every profile is viewable by anyone. Upgrading the code does not by itself remove values already written to the index; after the upgrade, administrators should confirm that the affected pages have been reindexed, or trigger a full reindex, so that no stale copy of a hash or key remains searchable. In ATT&CK terms the flaw is an instance of Unsecured Credentials (T1552), and what it yields feeds Valid Accounts (T1078): against XWiki itself once a hash is cracked offline, against the integrated services whose API keys were exposed, and, where users have reused passwords, against unrelated systems through credential stuffing. Organizations should treat every API key stored in a viewable configuration page as compromised and rotate it, force password resets for accounts whose hashes may have been harvested, and review access and search logs for bulk searches by unauthenticated or low-privileged users that could indicate the hashes were collected before the patch was applied.