CVE-2022-41927 - Vulnerability Details - OpenCVE

XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It's possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: ``` #if (!$services.csrf.isTokenValid($request.get('form_token'))) #set ($discard = $response.sendError(401, "Wrong CSRF token")) #end ```

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Changed

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable no

Technical Impact partial

Vendors	Products
Xwiki	Xwiki

Configuration 1 [-]

OR	cpe:2.3:a:xwiki:xwiki::::::::
	cpe:2.3:a:xwiki:xwiki:3.2:milestone2::::::
	cpe:2.3:a:xwiki:xwiki:3.2:milestone3::::::
	cpe:2.3:a:xwiki:xwiki:14.4:::::::*

No data.

References

Link	Providers
https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f

History

Wed, 23 Apr 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-11-23T00:00:00.000Z

Updated: 2025-04-23T16:35:31.577Z

Reserved: 2022-09-30T00:00:00.000Z

Link: CVE-2022-41927

Vulnrichment

Updated: 2024-08-03T12:56:38.542Z

NVD

Status : Modified

Published: 2022-11-23T19:15:12.563

Modified: 2024-11-21T07:24:05.200

Link: CVE-2022-41927

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-41927", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2025-04-23T16:35:31.577Z", "dateReserved": "2022-09-30T00:00:00.000Z", "datePublished": "2022-11-23T00:00:00.000Z"}, "containers": {"cna": {"title": "XWiki Platform vulnerable to Cross-Site Request Forgery (CSRF) allowing to delete or rename tags", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-11-23T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It's possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: ``` #if (!$services.csrf.isTokenValid($request.get('form_token'))) #set ($discard = $response.sendError(401, \"Wrong CSRF token\")) #end ```"}], "affected": [{"vendor": "xwiki", "product": "xwiki-platform", "versions": [{"version": ">= 3.2-milestone-2, < 13.10.7", "status": "affected"}, {"version": ">= 14.0.0, < 14.4.1", "status": "affected"}]}], "references": [{"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f"}, {"url": "https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "cweId": "CWE-352"}]}], "source": {"advisory": "GHSA-mq7h-5574-hw9f", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:56:38.542Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f", "tags": ["x_transferred"]}, {"url": "https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-23T13:54:05.395668Z", "id": "CVE-2022-41927", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T16:35:31.577Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f", "tags": ["x_transferred"]}, {"url": "https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:56:38.542Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-41927", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-04-23T13:54:05.395668Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-23T13:54:06.626Z"}}], "cna": {"title": "XWiki Platform vulnerable to Cross-Site Request Forgery (CSRF) allowing to delete or rename tags", "source": {"advisory": "GHSA-mq7h-5574-hw9f", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.4, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}], "affected": [{"vendor": "xwiki", "product": "xwiki-platform", "versions": [{"status": "affected", "version": ">= 3.2-milestone-2, < 13.10.7"}, {"status": "affected", "version": ">= 14.0.0, < 14.4.1"}]}], "references": [{"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f"}, {"url": "https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e"}], "descriptions": [{"lang": "en", "value": "XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It's possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: ``` #if (!$services.csrf.isTokenValid($request.get('form_token'))) #set ($discard = $response.sendError(401, \"Wrong CSRF token\")) #end ```"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-352", "description": "CWE-352: Cross-Site Request Forgery (CSRF)"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-11-23T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-41927", "state": "PUBLISHED", "dateUpdated": "2025-04-23T16:35:31.577Z", "dateReserved": "2022-09-30T00:00:00.000Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2022-11-23T00:00:00.000Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "EAFB9FDB-DCD2-40D6-9190-BC8136D4B402", "versionEndExcluding": "13.10.7", "versionStartExcluding": "3.2", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:3.2:milestone2:*:*:*:*:*:*", "matchCriteriaId": "902E7F43-561F-4B89-B902-CDEB6E6C938B", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:3.2:milestone3:*:*:*:*:*:*", "matchCriteriaId": "CB7202B8-E057-446D-A56A-30ED1D5D350F", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:14.4:*:*:*:*:*:*:*", "matchCriteriaId": "26C528CB-800E-4D9E-9C90-CEE3D335B0FE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "XWiki Platform is vulnerable to Cross-Site Request Forgery (CSRF) that may allow attackers to delete or rename tags without needing any confirmation. The problem has been patched in XWiki 13.10.7, 14.4.1 and 14.5RC1. Workarounds: It's possible to patch existing instances directly by editing the page Main.Tags and add this kind of check, in the code for renaming and for deleting: ``` #if (!$services.csrf.isTokenValid($request.get('form_token'))) #set ($discard = $response.sendError(401, \"Wrong CSRF token\")) #end ```"}, {"lang": "es", "value": "XWiki Platform es vulnerable a la Cross-Site Request Forgery (CSRF), que puede permitir a los atacantes eliminar o cambiar el nombre de las etiquetas sin necesidad de confirmaci\u00f3n. El problema se solucion\u00f3 en XWiki 13.10.7, 14.4.1 y 14.5RC1. Workarounds: es posible parchear instancias existentes directamente editando la p\u00e1gina Main.Tags y agregando este tipo de verificaci\u00f3n en el c\u00f3digo para cambiar el nombre y eliminar: ``` #if (!$services.csrf.isTokenValid($request.get('form_token'))) #set ($discard = $response.sendError(401, \"Wrong CSRF token\")) #end ``` "}], "id": "CVE-2022-41927", "lastModified": "2024-11-21T07:24:05.200", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.4, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-23T19:15:12.563", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e"}, {"source": "security-advisories@github.com", "tags": ["Mitigation", "Patch", "Third Party Advisory"], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/xwiki/xwiki-platform/commit/7fd4cda0590180c4d34f557597e9e10e263def9e"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mitigation", "Patch", "Third Party Advisory"], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-mq7h-5574-hw9f"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}], "source": "security-advisories@github.com", "type": "Secondary"}]}