CVE-2021-21379

7.7 HIGH

📋 TL;DR

This CVE is a privilege escalation in XWiki Platform. The {{wikimacrocontent}} macro, used inside a wiki macro to render the content that the caller passes to it, executes that content with the rights of the wiki macro's author (who may hold programming rights) instead of the rights of the caller. An attacker with edit rights on a page that calls such a macro can place script macros in the macro body and have them executed with script or programming rights they were never granted. Only installations with custom wiki macros, or wiki macros shipped by extensions, are exposed: no wiki macro bundled with XWiki Standard is affected.

💻 Affected Systems

Products:
  • XWiki Platform
Versions: 11.x before 11.10.11; 12.x before 12.6.3; 12.8 before 12.8-rc-1. The advisory names no fixed 12.7.x release, so 12.7.x should be treated as affected even though it is numerically newer than 12.6.3.
Operating Systems: All
Default Config Vulnerable: ✅ No
Notes: Only vulnerable if custom wiki macros or extensions with wiki macros are installed. No default macros in XWiki Standard are affected.

📦 What is this software?

XWiki is an open-source, Java-based enterprise wiki platform. Pages are written in wiki syntax and can embed macros, including script macros (Velocity, Groovy, Python) that run with the rights of the page's author. Wiki macros are macros defined in wiki pages themselves, as XWiki.WikiMacroClass objects, rather than in Java; their body is rendered with the rights of the page that defines them, which is why the macro author's rights matter for this issue.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Execution of arbitrary Groovy or other script code under the account of the JVM running XWiki, giving full control of the wiki's data and a foothold on the host.

🟠 Likely Case

A user with edit rights on any page that calls a vulnerable custom wiki macro runs script content with the macro author's rights, bypassing the script and programming rights that user was denied.

🟢 If Mitigated

Limited impact when no installed wiki macro renders caller content through {{wikimacrocontent}}, or when only trusted users can edit pages that call such macros. Restricting who may create macros does not close the hole on its own: the escalation path is a macro written by a privileged author and called by a less privileged editor.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires an account with edit rights on a page that can call a vulnerable wiki macro, plus knowledge of which installed macro renders its content through {{wikimacrocontent}}. No public exploit code was available at advisory publication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: XWiki 12.6.3, 11.10.11, or 12.8-rc-1

Vendor Advisory: https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v662-xpcc-9xf6

Restart Required: Yes

Instructions:

1. Back up the XWiki database and the deployed web application.
2. Upgrade to XWiki 12.6.3, 11.10.11 or 12.8-rc-1 (or a later release on the same branch).
3. Restart the servlet container that runs XWiki.
4. Confirm the running version reports a fixed release (see How to Verify).

🔧 Temporary Workarounds

Disable vulnerable wiki macros

Applies to: all affected versions

Identify every custom or extension-provided wiki macro whose body renders caller content with {{wikimacrocontent}} and whose author holds script or programming rights.

Disable or remove those macros through the XWiki administration interface, or by removing the page that holds the macro's XWiki.WikiMacroClass object. Pages that call a removed macro will render an error where the macro was, so coordinate with the macro's owners.

🧯 If You Can't Patch

  • Restrict wiki macro creation to trusted administrators (this limits new gadgets; it does not neutralise an existing macro written by a privileged author)
  • Audit all custom wiki macros and extensions for {{wikimacrocontent}} usage and disable any whose author has script or programming rights
  • Reduce edit rights for untrusted users on wikis where such macros are callable, since the attacker must save a page that invokes the macro

🔍 How to Verify

Check if Vulnerable:

Compare the running version against the fixed releases, then list every XWiki.WikiMacroClass object (custom or extension-installed) and inspect its code for {{wikimacrocontent}}. A macro is a concern when it accepts content and its author holds script or programming rights.

Check Version:

The administration dashboard shows the version. It is also exposed on every rendered page as the data-xwiki-version attribute of the <html> element (visible in the page source of /xwiki/bin/view/Main/WebHome) and, from a Velocity script, as $xwiki.version.

Verify Fix Applied:

The version is 11.10.11 or later on 11.x, 12.6.3 or later on 12.6.x, or 12.8-rc-1, 12.8 or later. Any 12.7.x release is not a fixed version.
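The two checks above as a script, added here as an example and not part of the advisory or of XWiki's own tooling. The version logic encodes the branch rule (11.10.11, 12.6.3, 12.8-rc-1, with 12.7.x left unfixed); the audit applies the three conditions from the mechanism described above (macro accepts content, renders it with {{wikimacrocontent}}, author has script or programming rights). The XWQL is the standard object query; the HTTP calls to run it and fetch each page's object are left out so the script runs offline on the constructed sample objects, and the set of script-capable authors is an assumption you replace with your own rights data.

```python
import re
from dataclasses import dataclass

# --- Version check --------------------------------------------------------
# Fixed releases named in the advisory: 11.10.11 on the 11.x branch, 12.6.3 on
# the 12.6.x branch, and 12.8-rc-1 for 12.8 and later. No fixed 12.7.x release
# is listed, so 12.7.x is treated as vulnerable although it is numerically
# newer than 12.6.3.
_STAGE = {"milestone": 0, "rc": 1}   # pre-release tags sort before a final


def parse_version(v):
    """'12.8-rc-1' -> (12, 8, 0, 1, 1); '12.8' -> (12, 8, 0, 2, 0)."""
    num, _, tag = v.strip().partition("-")
    parts = [int(p) for p in num.split(".")]
    parts += [0] * (3 - len(parts))
    if tag:
        name, _, n = tag.partition("-")
        stage, n = _STAGE.get(name.lower(), 0), int(n or 0)
    else:
        stage, n = 2, 0
    return (parts[0], parts[1], parts[2], stage, n)


def is_fixed(version):
    key = parse_version(version)
    major, minor = key[0], key[1]
    if major >= 13:
        return True
    if major == 12:
        if minor == 6:
            return key >= parse_version("12.6.3")
        if minor >= 8:
            return key >= parse_version("12.8-rc-1")
        return False          # 12.0 to 12.5, and the unfixed 12.7.x branch
    if major == 11:
        return key >= parse_version("11.10.11")
    return False              # 10.x and older never received the fix


# --- Macro audit ----------------------------------------------------------
# Every wiki macro is an XWiki.WikiMacroClass object on a page. This XWQL
# lists those pages; run it through the Query API or the REST query endpoint,
# then fetch each page's WikiMacroClass object (HTTP calls omitted here so the
# script runs offline on the constructed sample below).
MACRO_PAGES_XWQL = ("select doc.fullName from Document doc, "
                    "doc.object(XWiki.WikiMacroClass) as macro")

# Matches {{wikimacrocontent/}} and {{wikimacrocontent}}...{{/wikimacrocontent}}
# with any parameters; XWiki macro names are case-insensitive.
WIKIMACROCONTENT_RE = re.compile(r"\{\{\s*wikimacrocontent\b[^}]*\}\}", re.I)


@dataclass
class WikiMacro:
    page: str          # page holding the WikiMacroClass object
    author: str        # author whose rights the macro body runs with
    content_type: str  # WikiMacroClass contentType: Mandatory/Optional/No content
    code: str          # the macro body, in wiki syntax


def uses_wikimacrocontent(code):
    return WIKIMACROCONTENT_RE.search(code) is not None


def audit(macros, script_authors):
    """Pages whose macro lets a caller's content run with elevated rights:
    the macro accepts content, renders it with {{wikimacrocontent}}, and its
    author is in script_authors (users holding script or programming rights,
    taken from your own rights configuration)."""
    findings = []
    for m in macros:
        if m.content_type.lower() == "no content":
            continue                    # no caller-supplied body exists
        if uses_wikimacrocontent(m.code) and m.author in script_authors:
            findings.append(m.page)
    return sorted(findings)


# Constructed sample standing in for real WikiMacroClass objects.
SAMPLE_MACROS = [
    WikiMacro("Macros.Callout", "XWiki.Admin", "Optional",
              '{{box cssClass="callout"}}{{wikimacrocontent/}}{{/box}}'),
    WikiMacro("Macros.Quote", "XWiki.Alice", "Mandatory",
              "{{WikiMacroContent}}{{/WikiMacroContent}}"),
    WikiMacro("Macros.Stamp", "XWiki.Admin", "No content",
              "{{velocity}}Generated $datetool.date{{/velocity}}"),
    WikiMacro("Macros.Notice", "XWiki.Admin", "Optional",
              "{{info}}See $xcontext.macro.params.title{{/info}}"),
]
SCRIPT_AUTHORS = {"XWiki.Admin"}   # assumed; Alice holds no script rights

if __name__ == "__main__":
    for v in ("12.6.2", "12.7.1", "12.8-rc-1", "11.10.11"):
        print(v, "fixed" if is_fixed(v) else "VULNERABLE")
    print("escalation via:", audit(SAMPLE_MACROS, SCRIPT_AUTHORS))
```

Macros.Quote uses {{wikimacrocontent}} but is not reported: its author has no script rights, so caller content runs with no more rights than the caller already had. That distinction is what separates a finding from noise in a wiki with many harmless formatting macros.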

📡 Detection & Monitoring

Log Indicators:

  • XWiki does not log macro execution by default, so the primary record is page history: revisions saved by users without script rights that nest a script macro ({{groovy}}, {{velocity}}, {{python}}, ...) inside a call to a custom wiki macro
  • Rendering errors for script macros in the XWiki application log on pages whose author holds no script rights, which a failed or noisy payload leaves behind

Network Indicators:

  • Unusual outbound connections from the XWiki server process, which script execution with programming rights makes possible

SIEM Query:

Search page-save or activity-stream events for content that contains '{{groovy', '{{velocity' or '{{python' inside a call to a macro identified as vulnerable. The string 'wikimacrocontent' lives in the macro definition, not in the attacker's page, so matching on it finds the gadget rather than the attack.
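The page-history check described above as code, added here as an example rather than anything XWiki or the advisory ships. It parses the wiki-syntax macro calls in a saved revision and reports script macros nested inside a call to a macro you have already classified as vulnerable, while ignoring authors who could run scripts directly anyway. The macro name "callout", the author names and the page-save events are constructed for the example; the paired-form and empty-element-form handling follows XWiki 2.x macro syntax.

```python
import re

# Script macros that execute code when a page renders. Inside the body of a
# vulnerable wiki macro they run with the macro author's rights, not the
# rights of whoever saved the page.
SCRIPT_MACROS = ("velocity", "groovy", "python", "ruby", "php", "script")
SCRIPT_MACRO_RE = re.compile(
    r"\{\{\s*(" + "|".join(SCRIPT_MACROS) + r")\b[^}]*\}\}", re.I)


def macro_bodies(content, name):
    """Yield the body of each {{name ...}}...{{/name}} call. The empty-element
    form {{name/}} carries no body and is skipped by the (?<!/) check."""
    pat = re.compile(
        r"\{\{\s*" + re.escape(name) + r"\b[^}]*?(?<!/)\}\}"
        r"(.*?)\{\{/\s*" + re.escape(name) + r"\s*\}\}",
        re.I | re.S)
    for m in pat.finditer(content):
        yield m.group(1)


def scan_revision(page, author, content, vulnerable_macros, script_authors):
    """Flag a saved revision in which an author without script rights nests a
    script macro inside a call to a known vulnerable wiki macro."""
    if author in script_authors:
        return []                 # could run scripts directly; no escalation
    hits = []
    for name in vulnerable_macros:
        for body in macro_bodies(content, name):
            for sm in SCRIPT_MACRO_RE.finditer(body):
                hits.append({"page": page, "author": author,
                             "macro": name.lower(),
                             "script": sm.group(1).lower()})
    return hits


def scan_events(events, vulnerable_macros, script_authors):
    hits = []
    for page, author, content in events:
        hits.extend(scan_revision(page, author, content,
                                  vulnerable_macros, script_authors))
    return hits


# Constructed page-save events (page, author, new content) of the kind the
# XWiki page history records. "callout" is a hypothetical custom macro that an
# audit has already classified as vulnerable.
SAMPLE_EVENTS = [
    ("Sandbox.Notes", "XWiki.Bob",
     '= Notes =\n\n{{callout title="Tip"}}\n{{groovy}}\n'
     'println System.getProperty("user.name")\n{{/groovy}}\n{{/callout}}\n'),
    ("Sandbox.Draft", "XWiki.Bob",
     "{{callout}}plain text, no script{{/callout}}"),
    ("Sandbox.Misc", "XWiki.Bob",                      # script outside the macro
     "{{callout/}}\n{{velocity}}$doc.name{{/velocity}}"),
    ("Docs.Home", "XWiki.Admin",
     "{{callout}}{{velocity}}$doc.name{{/velocity}}{{/callout}}"),
]
VULNERABLE_MACROS = {"callout"}
SCRIPT_AUTHORS = {"XWiki.Admin"}   # assumed; Bob holds no script rights

if __name__ == "__main__":
    for hit in scan_events(SAMPLE_EVENTS, VULNERABLE_MACROS, SCRIPT_AUTHORS):
        print(hit)
```

Only the first event is reported. The third event places {{velocity}} next to an empty-element {{callout/}} call rather than inside a body, so XWiki would evaluate it with Bob's own (insufficient) rights, and the fourth is saved by an author who can run scripts regardless, so nothing is escalated.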

🔗 References

  • https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-v662-xpcc-9xf6
  • https://nvd.nist.gov/vuln/detail/CVE-2021-21379