XWiki PlantUML Macro Server-Side Request Forgery Vulnerability
Vulnerability
A Server-Side Request Forgery (SSRF) vulnerability has been identified in the XWiki PlantUML Macro, affecting versions prior to 2.4.1. The vulnerability arises because the macro allows users to specify an alternative PlantUML server via the 'server' parameter without validating the supplied URL. This lack of validation enables attackers to supply internal IP addresses or malicious external URLs, which the XWiki server will attempt to connect to in order to render diagrams. This could potentially be exploited to access internal services or resources.
Impact
Exploitation of this vulnerability allows for Server-Side Request Forgery (SSRF), where an attacker can make the XWiki server initiate requests to internal or external URLs of their choosing. This could be used to interact with internal services or bypass network restrictions.
Reproduction
To reproduce this vulnerability, create a wiki page and use the PlantUML macro to specify a URL that is either an internal IP address or a malicious external URL. Once the page is saved and viewed, the XWiki server will attempt to connect to the specified URL, demonstrating the SSRF vulnerability.
Remediation
Users can update to version 2.4.1 of the PlantUML Macro, which addresses the vulnerability by validating the 'server' parameter against a list of trusted domains. For those unable to update, consider placing the XWiki server in a DMZ to prevent access to internal resources.
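The remediation above describes the fix in 2.4.1 as validating the 'server' parameter against a list of trusted domains. The following is an added, self-contained illustration of what such an allowlist check looks like; it is not the XWiki PlantUML Macro's own code, and every name in it (`TRUSTED_SERVER_HOSTS`, `DEFAULT_SERVER`, `resolve_plantuml_server`, the example hostnames) is an assumption constructed for this example. It validates the scheme, rejects userinfo in the authority, matches the parsed hostname against the allowlist on a label boundary, and returns a normalised base URL, falling back to the configured default when the parameter is empty.

```python
"""Allowlist validation for a user-supplied PlantUML 'server' parameter.

Illustrative example only: the names below are assumptions, not the XWiki
PlantUML Macro's real API. All sample hosts and URLs are constructed.
"""
from urllib.parse import urlsplit, urlunsplit

# Constructed allowlist of hosts an administrator trusts to render diagrams.
# A bare host matches exactly; a leading dot matches that domain and any subdomain.
TRUSTED_SERVER_HOSTS = ("plantuml.example.org", ".render.example.org")

# Constructed default used when the macro is invoked without a 'server' value.
DEFAULT_SERVER = "https://plantuml.example.org"


class UntrustedServerError(ValueError):
    """Raised when the 'server' parameter does not point at an allowlisted host."""


def _host_allowed(host: str, allowlist) -> bool:
    """Exact or label-boundary suffix match of a lowercased hostname."""
    host = host.lower().rstrip(".")
    for entry in allowlist:
        entry = entry.lower()
        if entry.startswith("."):
            # Suffix match must respect the dot boundary, so
            # "render.example.org.attacker.test" does not match ".render.example.org".
            if host == entry[1:] or host.endswith(entry):
                return True
        elif host == entry:
            return True
    return False


def resolve_plantuml_server(server_param, allowlist=TRUSTED_SERVER_HOSTS) -> str:
    """Return a normalised base URL for the PlantUML server, or raise.

    An empty parameter falls back to the administrator-configured default,
    which is what a macro should do when the user supplies nothing.
    """
    if not server_param or not server_param.strip():
        return DEFAULT_SERVER
    parts = urlsplit(server_param.strip())  # urlsplit lowercases the scheme
    if parts.scheme not in ("http", "https"):
        raise UntrustedServerError(f"scheme not allowed: {parts.scheme!r}")
    if "@" in parts.netloc:
        # Credentials in the authority are never needed for a render server and
        # are a classic way to confuse naive host checks, so reject outright.
        raise UntrustedServerError("userinfo in server URL is not allowed")
    host = parts.hostname
    if not host:
        raise UntrustedServerError("server URL has no host")
    if not _host_allowed(host, allowlist):
        raise UntrustedServerError(f"host not in trusted list: {host!r}")
    # Keep scheme, authority and path only (no query or fragment) so the
    # diagram path is later appended to a clean base URL.
    return urlunsplit((parts.scheme, parts.netloc.lower(), parts.path.rstrip("/"), "", ""))


def is_trusted_server(server_param, allowlist=TRUSTED_SERVER_HOSTS) -> bool:
    """Boolean form of the check, convenient for logging rejected values."""
    try:
        resolve_plantuml_server(server_param, allowlist)
        return True
    except UntrustedServerError:
        return False


if __name__ == "__main__":
    # Constructed sample values a page author might place in the 'server' parameter.
    for candidate in ("", "https://plantuml.example.org/", "http://sub.render.example.org",
                      "http://10.0.0.1:8080/", "http://plantuml.example.org.attacker.test/",
                      "file:///etc/hosts", "http://plantuml.example.org@10.0.0.1/"):
        try:
            print(f"ALLOW  {candidate!r} -> {resolve_plantuml_server(candidate)}")
        except UntrustedServerError as exc:
            print(f"REJECT {candidate!r}: {exc}")
```

The check is made on the parsed hostname rather than by substring search on the raw string, which is what defeats the `trusted-host.attacker.test` and `trusted-host@internal` forms. An allowlist of hosts does not by itself stop an allowlisted server from redirecting the request elsewhere, so the outbound HTTP client used for rendering should also be configured not to follow redirects and to use a short timeout.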
