关键信息 漏洞标题 Remote code execution through default value of wiki macro wiki-type parameters 严重性 High CVSS v4 base metrics: 8.7/10 影响 Package: Affected versions: - - - - - Patched versions: - - - 描述 Impact: - Any user with edit right on a page can execute code (Groovy, Python, Velocity) with programming right by defining a wiki macro. - This allows full access to the whole XWiki installation and thus impacts its confidentiality, integrity, and availability. - The main problem is that if a wiki macro parameter allows wiki syntax, its default value is executed with the rights of the author of the document where it is used. 补丁 Patches: - This vulnerability has been patched in XWiki 16.4.7, 16.10.3 and 17.0.0 by executing wiki parameters with the rights of the wiki macro's author when the parameter's value is the default value. 解决方案 Workarounds: - We're not aware of any workarounds except for upgrading. 参考 References: - https://jira.xwiki.org/browse/XWIKI-22760 -