CVE-2023-46743

7.3 HIGH

📋 TL;DR

In XWiki's Collabora Online integration (application-collabora), a user who holds only view right on a page can edit that page's office attachments: if a user with edit right opens an attachment in Collabora Online and a view-only user opens the same attachment while that editing session is still active, the view-only user is placed in edit mode. The write permission decided for the first session is reused for later users instead of being re-evaluated for each of them. Versions before 1.3 are affected.

💻 Affected Systems

Products:
  • XWiki with application-collabora integration
Versions: All versions before 1.3
Operating Systems: All platforms running XWiki
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects instances using Collabora Online integration for office document editing.

📦 What is this software?

XWiki is an open-source, Java-based wiki platform with per-page access rights. application-collabora is the XWiki SAS extension that connects an XWiki instance to a Collabora Online server (a LibreOffice-based office suite) so that office attachments such as .docx, .xlsx and .odt files can be viewed and edited in the browser instead of being downloaded. The rights a user holds on the XWiki page are meant to decide whether Collabora opens the attachment read-only or editable.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Unauthorized users could modify sensitive documents, inject malicious content, or delete important information in collaborative environments.

🟠

Likely Case

Users with view-only permissions accidentally or intentionally edit documents they shouldn't have write access to, potentially causing data integrity issues.

🟢

If Mitigated

With proper access controls and monitoring, impact is limited to temporary permission escalation within active editing sessions.

🌐 Internet-Facing: MEDIUM - Exploitation requires authenticated access and specific conditions, but internet-facing instances could be targeted.
🏢 Internal Only: MEDIUM - Internal users could exploit this to bypass document permission controls in collaborative environments.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW - Needs only a valid account with view right on the target page and a second, edit-capable user who has the attachment open in Collabora at the same time.

Exploitation requires a user with edit right to open the attachment in Collabora Online first; a user with view right who then opens the same attachment while that editing session is still active receives edit access.
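The following model reproduces the behaviour described above and contrasts it with the per-user check that removes it. It is an added example, not code from application-collabora or XWiki SAS: the rights table, user and document names, and the SessionBroker class are constructed for illustration, and the returned field name UserCanWrite follows the WOPI CheckFileInfo convention that Collabora Online consumes. Whether the real defect sits in exactly that handler is an assumption; the page only states that the first session's permission is reused.

```python
"""Model of the shared-session permission flaw described for CVE-2023-46743.

Added example, not application-collabora's code. With per_user_check=False the
broker caches the write flag computed for the first opener and hands it to
everyone who joins while that session is alive (the reported behaviour). With
per_user_check=True the flag is derived from the requesting user's own right on
every call (the fix). ACL contents and names are constructed for illustration.
"""

# Constructed rights table: who may view and who may edit each document.
ACL = {
    "Sales.Q3Report": {
        "view": {"alice", "bob", "carol"},
        "edit": {"alice", "carol"},
    },
}
DOC = "Sales.Q3Report"


def can_view(user, doc):
    return user in ACL.get(doc, {}).get("view", set())


def can_edit(user, doc):
    return user in ACL.get(doc, {}).get("edit", set())


class SessionBroker:
    """Tracks one shared Collabora session per document (hypothetical design)."""

    def __init__(self, per_user_check):
        self.per_user_check = per_user_check
        self.sessions = {}  # doc -> {"can_write": bool, "users": set}

    def check_file_info(self, user, doc):
        """Answer the WOPI-style CheckFileInfo question for this user."""
        if not can_view(user, doc):
            raise PermissionError(f"{user} may not view {doc}")
        # setdefault stores the write flag only when the session is created,
        # so with the cached path it reflects the *first* opener's right.
        sess = self.sessions.setdefault(
            doc, {"can_write": can_edit(user, doc), "users": set()}
        )
        sess["users"].add(user)
        if self.per_user_check:
            can_write = can_edit(user, doc)      # fixed: evaluate for this user
        else:
            can_write = sess["can_write"]        # vulnerable: reuse cached flag
        return {"UserCanWrite": can_write}

    def close(self, user, doc):
        sess = self.sessions.get(doc)
        if sess is None:
            return
        sess["users"].discard(user)
        if not sess["users"]:
            del self.sessions[doc]


def reproduce(broker):
    """Replay the advisory scenario; return who was offered edit mode."""
    steps = []
    # 1. alice (edit right) opens the attachment and a session is created.
    steps.append(("alice", broker.check_file_info("alice", DOC)["UserCanWrite"]))
    # 2. bob (view right only) joins while alice's session is still active.
    steps.append(("bob", broker.check_file_info("bob", DOC)["UserCanWrite"]))
    # 3. Everyone leaves; bob opens again on his own.
    broker.close("alice", DOC)
    broker.close("bob", DOC)
    steps.append(("bob-alone", broker.check_file_info("bob", DOC)["UserCanWrite"]))
    return steps


if __name__ == "__main__":
    print("vulnerable:", reproduce(SessionBroker(per_user_check=False)))
    print("fixed:     ", reproduce(SessionBroker(per_user_check=True)))
```

With the cached path bob is offered edit mode only while alice's session exists, which is why the page lists the edit-right user opening first as a precondition; the per-user path gives bob a read-only session in both situations.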

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.3

Vendor Advisory: https://github.com/xwikisas/application-collabora/security/advisories/GHSA-mvq3-xxg2-rj57

Restart Required: Yes

Instructions:

1. Back up your XWiki instance.
2. Update the application-collabora extension to version 1.3 or later via the XWiki Extension Manager.
3. Restart the XWiki application server.
4. Verify that Extension Manager now reports application-collabora 1.3 or later.

🔧 Temporary Workarounds

Disable Collabora Online editing (applies to: all platforms)

Temporarily disable the Collabora Online integration so attachments are no longer opened through Collabora. Navigate to XWiki Administration > Applications > Collabora Online and disable the extension (or uninstall application-collabora from Extension Manager).

Restrict document access (applies to: all platforms)

Tighten page rights so that fewer accounts hold view right on pages whose attachments are edited through Collabora; only accounts that can open the attachment can benefit from the shared session.

🧯 If You Can't Patch

  • Monitor attachment and document saves and compare the saving account against the page's rights; alert when an account that holds only view right saves a new version
  • Tell edit-right users to close Collabora sessions when they finish, since the exposure exists only while such a session is open

🔍 How to Verify

Check if Vulnerable:

Open Extension Manager (XWiki Administration > Extensions) and look up application-collabora. Any installed version below 1.3 is vulnerable.

Check Version:

Read the installed version from Extension Manager, or inspect the installed-extension repository under the XWiki permanent directory on the server.

Verify Fix Applied:

After updating to version 1.3 or later, repeat the scenario: have an edit-right user open an attachment in Collabora, then open the same attachment as a view-only user while that session is active, and confirm the second user gets a read-only session.

📡 Detection & Monitoring

Log Indicators:

  • A view-only account opening an office attachment while an edit-right account has the same attachment open in Collabora
  • New attachment or document versions whose author holds only view right on the page

Network Indicators:

  • Collabora Online save callbacks (WOPI PutFile) to XWiki for a file whose session belongs to a view-only account

SIEM Query:

Join attachment save events with the page's access rights and alert when the saving user is not among the accounts holding edit right on that page; additionally flag view-only opens that occur while an edit-right session on the same file is active, since that is the exposure window.
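The two rules above, run over sample records, as an added example that is not part of the original page or of XWiki's logging. XWiki does not emit the line format used here; the records are constructed to stand for whatever your deployment logs for attachment opens, saves and closes through the Collabora integration (for example correlated WOPI CheckFileInfo and PutFile requests, or XWiki document-history entries), and the rights table is likewise constructed. Map your real fields into parse() and keep the two rules.

```python
"""Detection logic for the exposure window CVE-2023-46743 creates.

Added example. Log format, rights table and names are constructed for
illustration; XWiki does not log in this exact shape.
"""

import re
from collections import defaultdict

# Constructed rights table: editors may write, viewers may only read.
RIGHTS = {
    "Sales.Q3Report": {"edit": {"alice", "carol"}, "view": {"alice", "bob", "carol"}},
}

# Constructed sample log. bob holds view right only; alice and carol may edit.
SAMPLE_LOG = """\
2023-11-07T10:01:02Z OPEN  doc=Sales.Q3Report file=q3.docx user=alice
2023-11-07T10:03:15Z OPEN  doc=Sales.Q3Report file=q3.docx user=bob
2023-11-07T10:05:40Z SAVE  doc=Sales.Q3Report file=q3.docx user=bob
2023-11-07T10:09:00Z CLOSE doc=Sales.Q3Report file=q3.docx user=alice
2023-11-07T10:09:30Z CLOSE doc=Sales.Q3Report file=q3.docx user=bob
2023-11-07T10:30:00Z OPEN  doc=Sales.Q3Report file=q3.docx user=bob
2023-11-07T10:31:00Z OPEN  doc=Sales.Q3Report file=q3.docx user=carol
2023-11-07T10:32:00Z SAVE  doc=Sales.Q3Report file=q3.docx user=carol
"""

LINE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<event>OPEN|SAVE|CLOSE)\s+"
    r"doc=(?P<doc>\S+)\s+file=(?P<file>\S+)\s+user=(?P<user>\S+)$"
)


def parse(text):
    """Yield one dict per well-formed record; silently skip anything else."""
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            yield m.groupdict()


def holds_edit(user, doc):
    return user in RIGHTS.get(doc, {}).get("edit", set())


def analyse(text):
    """Return findings as (timestamp, rule, user, doc) tuples.

    EXPOSURE: a view-only user opened a file while an edit-right user had it
    open (the precondition the advisory describes; ordering matters).
    UNAUTHORIZED_SAVE: a save arrived from a user holding no edit right, i.e.
    the flaw was actually used to write.
    """
    findings = []
    live_editors = defaultdict(set)  # (doc, file) -> edit-right users currently open
    for ev in parse(text):
        key = (ev["doc"], ev["file"])
        user, doc = ev["user"], ev["doc"]
        if ev["event"] == "OPEN":
            if holds_edit(user, doc):
                live_editors[key].add(user)
            elif live_editors[key]:
                findings.append((ev["ts"], "EXPOSURE", user, doc))
        elif ev["event"] == "SAVE":
            if not holds_edit(user, doc):
                findings.append((ev["ts"], "UNAUTHORIZED_SAVE", user, doc))
        elif ev["event"] == "CLOSE":
            live_editors[key].discard(user)
    return findings


if __name__ == "__main__":
    for f in analyse(SAMPLE_LOG):
        print(*f)
```

On the sample, bob's 10:03 open is flagged because alice still has the file open, and his 10:05 save is flagged regardless of session state; his 10:30 open alone and carol's later save produce nothing. In production the UNAUTHORIZED_SAVE rule is the one worth paging on, since the EXPOSURE rule also fires for legitimate concurrent viewing on unpatched and patched instances alike.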

🔗 References

  • Vendor advisory (GHSA-mvq3-xxg2-rj57): https://github.com/xwikisas/application-collabora/security/advisories/GHSA-mvq3-xxg2-rj57
  • NVD entry: https://nvd.nist.gov/vuln/detail/CVE-2023-46743