XWiki Platform Path Traversal Vulnerability Allowing Configuration File Access

A path traversal vulnerability has been identified in XWiki Platform versions prior to 18.1.0-rc-1, 17.10.3, 17.4.9, and 16.10.17. This vulnerability allows unauthorized access to configuration files by exploiting the 'resources' parameter in the 'ssx' and 'jsx' endpoints, using leading slashes to navigate outside of the intended directory. The issue has been reported to occur on Tomcat servers.

Impact

Exploitation of this vulnerability allows for unauthorized access to sensitive configuration files, including those containing administrative passwords.

Reproduction

The vulnerability can be reproduced by sending a request to the 'ssx' or 'jsx' endpoints with a 'resources' parameter that includes a path traversal payload, such as leading slashes followed by '../' sequences, to navigate to sensitive files like 'xwiki.cfg' located in the 'WEB-INF' directory.

Remediation

Users can upgrade to XWiki versions 18.1.0-rc-1, 17.10.3, 17.4.9, or 16.10.17 to address this vulnerability.