What is CVE-2023-32068?

CVE-2023-32068 is a medium-severity vulnerability in Xwiki Xwiki-platform, classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 4.7/10. Published 2023-05-15.

How severe is CVE-2023-32068?

Medium severity. CVSS v3 base score is 4.7 out of 10.

Is CVE-2023-32068 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Open Redirect in Xwiki Xwiki-platform

CVE-2023-32068

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions prior to 14.10.4 it's possible to exploit well known parameters in XWiki URLs to perform redirection to untrusted site. Th…

Vulnerability class: Open Redirect

EPSS: 0.551 (98.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.7 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N.

Affected products

Xwiki Xwiki-platform — versions < 14.10.4

Weakness classification (CWE)

CWE-601 — URL Redirection to Untrusted Site (Open Redirect)

Public proof-of-concept exploits

ARPSyndicate/cve-scores

References

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-6gvj-8vc5-8v3j (x_refsource_CONFIRM)
https://github.com/xwiki/xwiki-platform/commit/e4f7f68e93cb08c25632c126356d218abf192d1e (x_refsource_MISC)
https://jira.xwiki.org/browse/XWIKI-20096 (x_refsource_MISC)
https://jira.xwiki.org/browse/XWIKI-20549 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-32068?: CVE-2023-32068 is a medium-severity vulnerability in Xwiki Xwiki-platform, classified under URL Redirection to Untrusted Site (Open Redirect). CVSS score: 4.7/10. Published 2023-05-15.
How severe is CVE-2023-32068?: Medium severity. CVSS v3 base score is 4.7 out of 10.
Is CVE-2023-32068 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.