CVE-2023-48293

8.8 HIGH

📋 TL;DR

This CSRF vulnerability in XWiki Admin Tools allows attackers to execute arbitrary database queries when an admin user views malicious content. It affects XWiki instances with Admin Tools Application before version 4.5.1, potentially enabling data destruction, privilege escalation, and complete system compromise.

💻 Affected Systems

Products:
  • XWiki Admin Tools Application
Versions: All versions before 4.5.1
Operating Systems: All platforms running XWiki
Default Config Vulnerable: ⚠️ Yes
Notes: Requires Admin Tools Application installed and admin user interaction with malicious content.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete database wipe, creation of admin accounts for attackers, and full compromise of the XWiki instance leading to data loss and unauthorized access.

🟠 Likely Case

Data manipulation or deletion through crafted queries when admins view malicious comments or pages containing embedded attack vectors.

🟢 If Mitigated

Limited impact with proper CSRF protections, admin awareness training, and restricted access to admin tools.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploit requires admin user to view malicious content; attack vectors include comments with embedded wiki syntax.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.5.1

Vendor Advisory: https://github.com/xwiki-contrib/application-admintools/security/advisories/GHSA-4f4c-rhjv-4wgv

Restart Required: No

Instructions:

1. Upgrade Admin Tools Application to version 4.5.1 or later.
2. Apply the patch manually to affected pages if upgrade is not possible.
3. Verify form token checks are implemented.

🔧 Temporary Workarounds

Delete SQLToolsGroovy document

  • Applies to: all versions
  • Effect: removes the database query tools functionality entirely
  • Action: delete the document Admin.SQLToolsGroovy

🧯 If You Can't Patch

  • Restrict access to admin tools to trusted networks only
  • Implement additional CSRF protection at web application firewall level

🔍 How to Verify

Check if Vulnerable:

Check the Admin Tools Application version; any version below 4.5.1 is vulnerable. Review the Admin/QueryOnXWiki page to confirm that a form token check is implemented.

Check Version:

Check XWiki extension manager or Admin Tools Application version in XWiki administration interface.

Verify Fix Applied:

Verify that the Admin Tools Application version is ≥4.5.1. Confirm that the QueryOnXWiki tool rejects queries submitted without a valid form token.

📡 Detection & Monitoring

Log Indicators:

  • Unusual database query patterns from Admin/QueryOnXWiki
  • Multiple DELETE or UPDATE operations in short time

Network Indicators:

  • Requests to /xwiki/bin/view/Admin/QueryOnXWiki with query parameters from unexpected sources

SIEM Query:

source="xwiki.log" AND ("QueryOnXWiki" OR "DELETE FROM" OR "UPDATE xwikidoc")
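The version check from "Verify Fix Applied" and the log indicators above can be turned into a small, runnable detector. The following is an added example written for this page, not code from XWiki or the Admin Tools project: the log line format, the `trusted_prefixes` network allow-list and the burst window are assumptions made for the example, and the sample log lines are constructed. It flags QueryOnXWiki requests from unexpected sources, queries matching the SIEM query's `DELETE FROM` / `UPDATE xwikidoc` patterns, and bursts of destructive statements within a short window.

```python
"""Added example (not from the advisory): version check against the 4.5.1 fix
plus a log scanner implementing the page's detection indicators.
Log format, trusted network prefixes and burst window are assumptions."""
import re
from datetime import datetime, timedelta

FIXED_VERSION = (4, 5, 1)  # first fixed Admin Tools Application version


def parse_version(version):
    """'4.5' -> (4, 5, 0); ignores suffixes such as '-SNAPSHOT'."""
    parts = [int(p) for p in re.findall(r"\d+", version)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))


def is_vulnerable(version):
    """True when the installed Admin Tools version predates the fix (4.5.1)."""
    return parse_version(version) < FIXED_VERSION


# Constructed sample log lines; the format is an assumption for this example.
SAMPLE_LOG = """\
2024-01-15 10:00:01 INFO  view Admin.QueryOnXWiki user=XWiki.Admin client=10.0.0.5 query=select doc.fullName from XWikiDocument doc
2024-01-15 10:00:03 INFO  view Admin.QueryOnXWiki user=XWiki.Admin client=203.0.113.9 query=DELETE FROM xwikidoc WHERE XWD_WEB='Main'
2024-01-15 10:00:04 INFO  view Admin.QueryOnXWiki user=XWiki.Admin client=203.0.113.9 query=UPDATE xwikidoc SET XWD_CONTENT=''
2024-01-15 10:00:05 INFO  view Admin.QueryOnXWiki user=XWiki.Admin client=203.0.113.9 query=DELETE FROM xwikircs
2024-01-15 10:30:00 INFO  view Main.WebHome user=XWiki.Guest client=10.0.0.7
"""

# Assumed line layout: "<date> <time> <level> view <page> user=<u> client=<ip> [query=<q>]"
LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+) \S+\s+view (?P<page>\S+) user=(?P<user>\S+) "
    r"client=(?P<client>\S+)(?: query=(?P<query>.*))?$"
)
# Mirrors the SIEM query on the page: "DELETE FROM" OR "UPDATE xwikidoc".
DESTRUCTIVE_RE = re.compile(r"\b(DELETE\s+FROM|UPDATE\s+xwikidoc)\b", re.IGNORECASE)
QUERY_PAGE = "Admin.QueryOnXWiki"


def parse_line(line):
    """Return a dict for a recognised line, or None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    event = m.groupdict()
    event["ts"] = datetime.strptime(event["ts"], "%Y-%m-%d %H:%M:%S")
    return event


def scan(log_text, window_seconds=60, burst_threshold=3, trusted_prefixes=("10.",)):
    """Apply the page's indicators to a log and return a list of findings.

    Finding kinds:
      untrusted_source  - QueryOnXWiki request from a client outside trusted_prefixes
      destructive_query - query text matches DELETE FROM / UPDATE xwikidoc
      burst             - >= burst_threshold destructive queries within window_seconds
    """
    findings = []
    destructive_times = []  # timestamps of destructive queries seen so far
    window = timedelta(seconds=window_seconds)
    for line in log_text.splitlines():
        event = parse_line(line)
        if not event or event["page"] != QUERY_PAGE:
            continue  # only the query tool page is in scope
        base = {"ts": event["ts"].isoformat(), "client": event["client"], "user": event["user"]}
        if not any(event["client"].startswith(p) for p in trusted_prefixes):
            findings.append({"kind": "untrusted_source", **base})
        query = event["query"] or ""
        if DESTRUCTIVE_RE.search(query):
            findings.append({"kind": "destructive_query", "query": query, **base})
            destructive_times.append(event["ts"])
            # Sliding window: alert once the window holds burst_threshold destructive queries.
            recent = [t for t in destructive_times if event["ts"] - t <= window]
            if len(recent) >= burst_threshold:
                findings.append({"kind": "burst", "count": len(recent), **base})
    return findings


if __name__ == "__main__":
    print("4.5.0 vulnerable:", is_vulnerable("4.5.0"))
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Tune `trusted_prefixes` and the burst window to your environment; in the constructed sample the scan yields three untrusted-source findings, three destructive-query findings and one burst alert, all from the same client.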

🔗 References
