CVSS3 metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | LOW |
User Interaction | REQUIRED |
Scope | CHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | HIGH |
Availability Impact | HIGH |
Vector string | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H |

EPSS | Value |
---|---|
Percentile | 87.3% |
CKEditor Integration UI adds support for editing wiki pages using CKEditor.
Prior to version 1.64.3, the CKEditor.HTMLConverter document lacked
protection against Cross-Site Request Forgery (CSRF), allowing macros to be
executed with the rights of the current user. If a privileged user with
programming rights was tricked into executing a GET request to this
document with certain parameters (e.g., via an image with a corresponding
URL embedded in a comment or via a redirect), this would allow arbitrary
remote code execution and the attacker could gain rights, access private
information or impact the availability of the wiki. The issue has been
patched in the CKEditor Integration version 1.64.3. This has also been
patched in the version of the CKEditor integration that is bundled starting
with XWiki 14.6 RC1. There are no known workarounds for this other than
upgrading the CKEditor integration to a fixed version.
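The weakness described above is a state-changing endpoint reachable by a plain GET with no request token, so any page the victim's browser loads (an image in a comment, a redirect) can trigger it with the victim's rights. The following Python is an added example, not code from the CKEditor integration or XWiki: a minimal in-memory model of such an endpoint showing the vulnerable handler beside a hardened one that refuses non-POST requests and requires a per-session CSRF token. The `Session`, `Request`, `run_macros` and `form_token` names are assumptions made for this illustration.

```python
import hmac
import secrets
from dataclasses import dataclass, field


@dataclass
class Session:
    """Stand-in for a server-side session (constructed for this example)."""
    user: str
    privileged: bool
    # A random token minted once per session and never sent in a URL.
    csrf_token: str = field(default_factory=lambda: secrets.token_urlsafe(32))


@dataclass
class Request:
    """Stand-in for an incoming HTTP request (constructed for this example)."""
    method: str
    params: dict
    session: Session


def run_macros(text: str, session: Session) -> str:
    """Hypothetical macro executor that runs with the current user's rights.

    Here it only records who executed what; in a real wiki this is the
    privileged operation that CSRF protection must guard."""
    return f"executed({text!r}) as {session.user}"


def convert_vulnerable(req: Request) -> tuple[int, str]:
    """Vulnerable shape: any method, no token.

    A cross-site GET (for instance from an <img> whose URL points here) is
    sent with the victim's cookies and executes macros with their rights."""
    if "text" not in req.params:
        return 400, "missing text"
    return 200, run_macros(req.params["text"], req.session)


def convert_hardened(req: Request) -> tuple[int, str]:
    """Hardened shape: POST only, plus a session-bound CSRF token.

    Rejecting GET removes the image/redirect trigger; the token check rejects
    forged POSTs, because a cross-site page cannot read the victim's token."""
    if req.method != "POST":
        return 405, "method not allowed"
    # "form_token" is an assumed parameter name for this example.
    token = req.params.get("form_token", "")
    # Constant-time comparison avoids leaking the token through timing.
    if not hmac.compare_digest(token, req.session.csrf_token):
        return 403, "invalid or missing CSRF token"
    if "text" not in req.params:
        return 400, "missing text"
    return 200, run_macros(req.params["text"], req.session)


if __name__ == "__main__":
    admin = Session(user="admin", privileged=True)
    forged_get = Request("GET", {"text": "{{example/}}"}, admin)
    print("vulnerable:", convert_vulnerable(forged_get))
    print("hardened, forged GET:", convert_hardened(forged_get))
    legit = Request("POST", {"text": "{{example/}}", "form_token": admin.csrf_token}, admin)
    print("hardened, legitimate POST:", convert_hardened(legit))
```

Logging the 405 and 403 responses from the hardened handler also gives operators a signal: a burst of rejected GET requests to a macro-executing endpoint is the trace that an embedded image or redirect attempt leaves behind.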
Author | Note |
---|---|
sbeattie | embedded copies of ckeditor are in ldap-account-manager, rt4, and rt5 |
OS | OS version | Architecture | Package | Package version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | ckeditor | < any | UNKNOWN |
ubuntu | 20.04 | noarch | ckeditor | < any | UNKNOWN |
ubuntu | 22.04 | noarch | ckeditor | < any | UNKNOWN |
ubuntu | 24.04 | noarch | ckeditor | < any | UNKNOWN |
ubuntu | 16.04 | noarch | ckeditor | < any | UNKNOWN |
ubuntu | 18.04 | noarch | ckeditor3 | < any | UNKNOWN |
ubuntu | 20.04 | noarch | ckeditor3 | < any | UNKNOWN |
ubuntu | 22.04 | noarch | ckeditor3 | < any | UNKNOWN |
ubuntu | 24.04 | noarch | ckeditor3 | < any | UNKNOWN |
ubuntu | 18.04 | noarch | ldap-account-manager | < any | UNKNOWN |
github.com/xwiki-contrib/application-ckeditor/commit/6b1053164386aefc526df7512bc664918aa6849b
github.com/xwiki-contrib/application-ckeditor/security/advisories/GHSA-6mjp-2rm6-9g85
jira.xwiki.org/browse/CKEDITOR-475
launchpad.net/bugs/cve/CVE-2023-22457
nvd.nist.gov/vuln/detail/CVE-2023-22457
security-tracker.debian.org/tracker/CVE-2023-22457
www.cve.org/CVERecord?id=CVE-2023-22457