CVE-2022-23620: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in xwiki xwiki-platform
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions, AbstractSxExportURLFactoryActionHandler#processSx does not escape anything from SSX document references when serializing them to the filesystem, so it is possible for the HTML export process to handle reference elements containing filesystem syntax such as "../", "./" or "/" in general. The referenced elements are not properly escaped. This issue has been resolved in version 13.6-rc-1. This issue can be worked around by limiting or disabling document export.
AI Analysis
Technical Summary
CVE-2022-23620 is a path traversal vulnerability identified in the XWiki Platform, a widely used generic wiki platform that provides runtime services for applications built on top of it. The vulnerability exists in versions from 6.2-rc-1 up to, but not including, 13.6. Specifically, the issue lies in the AbstractSxExportURLFactoryActionHandler#processSx method, which handles the serialization of SSX document references to the filesystem during the HTML export process. The vulnerability arises because the export process does not properly sanitize or escape filesystem path elements such as "../", "./", or absolute path indicators "/" within document references. This improper limitation of pathname (CWE-22) allows an attacker to craft document references that include directory traversal sequences, potentially enabling them to write files outside the intended export directory. Such unauthorized file writes could lead to overwriting critical files, placing malicious scripts, or otherwise manipulating the filesystem in ways that compromise system integrity or availability. The vulnerability does not require authentication or user interaction beyond triggering the export functionality with crafted document references. Although no known exploits are reported in the wild, the flaw was addressed in version 13.6-rc-1 by properly escaping or restricting path elements during export. A temporary workaround involves limiting or disabling the document export feature to prevent exploitation until patching is possible.
Potential Impact
For European organizations using vulnerable versions of XWiki Platform, this vulnerability poses a moderate risk. Successful exploitation could allow attackers to write arbitrary files to the server filesystem, potentially leading to remote code execution if malicious scripts are placed in web-accessible directories, or causing denial of service by corrupting or deleting critical files. This undermines the integrity and availability of the affected systems and could also lead to confidentiality breaches if sensitive files are overwritten or replaced. Organizations relying on XWiki for internal documentation, collaboration, or application runtime services could face operational disruptions. Given the lack of authentication requirements, attackers could exploit this vulnerability remotely if the export functionality is exposed to untrusted users or the internet. The impact is heightened in environments where XWiki is integrated with other critical business processes or where export functionality is frequently used. However, the absence of known active exploitation and the availability of a patch reduce immediate risk, provided organizations act promptly.
Mitigation Recommendations
1. Upgrade affected XWiki Platform instances to version 13.6-rc-1 or later, where the vulnerability is fixed.
2. If immediate patching is not feasible, disable or restrict the document export feature to trusted users only, or completely disable it to prevent exploitation.
3. Implement strict input validation and sanitization on document references, ensuring that path traversal sequences are detected and blocked before processing.
4. Employ filesystem permission hardening to limit the write access of the XWiki application process to only necessary directories, minimizing potential damage from arbitrary file writes.
5. Monitor logs for unusual export requests containing suspicious path elements such as "../" or absolute paths.
6. Conduct regular security audits and penetration testing focused on export functionalities.
7. Educate administrators and developers about secure coding practices related to file handling and path sanitization to prevent similar issues in custom extensions or integrations.
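Recommendations 3 and 5 above are the two that a developer or operator can turn into code. The following is an added example, not XWiki code and not the 13.6-rc-1 fix: it shows (a) a containment check that resolves a reference under an export root and rejects anything that lands outside it, (b) the alternative of escaping each path component so a reference can never act as a directory operator, and (c) a scanner that flags export log lines whose reference carries traversal or absolute-path syntax. The export root, the function names and the `sx=` log field format are assumptions constructed for this example; real XWiki log lines look different.

```python
import os
import re
from typing import List, Optional, Tuple

# Constructed export root for this example; not an XWiki configuration value.
EXPORT_ROOT = "/tmp/xwiki-export"


def safe_export_path(export_root: str, reference: str) -> Optional[str]:
    """Resolve `reference` under `export_root` and return the absolute target
    path only if it stays strictly inside the root; otherwise return None.

    Normalising first and then checking containment is more robust than
    searching for "../": it also rejects absolute references and sequences
    such as "a/../../b" that a naive substring check can miss."""
    root = os.path.normpath(os.path.abspath(export_root))
    # os.path.join discards `root` when `reference` is absolute; the
    # containment check below then rejects the result.
    candidate = os.path.normpath(os.path.join(root, reference))
    if candidate == root:
        return None  # empty or "." reference would target the root itself
    if os.path.commonpath([root, candidate]) != root:
        return None  # escaped the export directory
    return candidate


_UNSAFE_CHARS = re.compile(r"[^A-Za-z0-9._-]")


def escape_component(part: str) -> str:
    """Percent-encode one path component so it cannot act as a directory
    operator. "%" itself is encoded, so the mapping stays reversible."""
    if part in (".", ".."):
        return "".join("%%%02X" % ord(c) for c in part)
    return _UNSAFE_CHARS.sub(lambda m: "%%%02X" % ord(m.group(0)), part)


def escaped_export_path(export_root: str, reference: str) -> str:
    """Alternative to rejection: build the target path by escaping every
    component of `reference`, so even a hostile reference lands inside root."""
    parts = [escape_component(p) for p in reference.split("/") if p]
    return os.path.join(os.path.normpath(os.path.abspath(export_root)), *parts)


# Constructed log lines in an assumed "key=value" format (not XWiki's real format).
SAMPLE_LOG = [
    "2022-02-01T10:02:13Z INFO export action=html doc=Main.WebHome sx=XWiki.Skin/style.css",
    "2022-02-01T10:02:17Z INFO export action=html doc=Main.WebHome sx=../../outside/file.css",
    "2022-02-01T10:02:21Z INFO export action=html doc=Main.WebHome sx=/abs/location.css",
    "2022-02-01T10:02:30Z INFO export action=html doc=Main.WebHome sx=XWiki.Skin/%2e%2e/x.css",
]

_SX_FIELD = re.compile(r"\bsx=(\S+)")
# Plain "..", as a whole component, or URL-encoded dots / slashes.
_TRAVERSAL = re.compile(r"(^|/)\.\.(/|$)|%2e%2e|%2f", re.IGNORECASE)


def find_suspicious_exports(log_lines: List[str]) -> List[Tuple[int, str, str]]:
    """Return (line_no, reference, reason) for export requests whose SSX
    reference contains an absolute path or a traversal sequence."""
    findings = []
    for n, line in enumerate(log_lines, 1):
        m = _SX_FIELD.search(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("/"):
            findings.append((n, ref, "absolute path"))
        elif _TRAVERSAL.search(ref):
            findings.append((n, ref, "traversal sequence"))
    return findings


if __name__ == "__main__":
    for ref in ("XWiki/Skin/style.css", "../outside.css", "/abs/file.css"):
        print(repr(ref), "->", safe_export_path(EXPORT_ROOT, ref),
              "| escaped:", escaped_export_path(EXPORT_ROOT, ref))
    for finding in find_suspicious_exports(SAMPLE_LOG):
        print("suspicious export request:", finding)
```

The containment check is the one to prefer in new code: it decides on the final resolved path, so it is independent of which encoding or separator the attacker used. The escaping variant reproduces the spirit of the vendor's description of the fix (escaping reference elements before serialization) and is useful when a reference must always produce some file rather than an error. The log scanner is deliberately simple pattern matching over one field; tune the field name and patterns to the real log layout before relying on it.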
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2022-01-19T00:00:00.000Z
- Cisa Enriched: true
Threat ID: 682d9842c4522896dcbf2582
Added to database: 5/21/2025, 9:09:22 AM
Last enriched: 6/23/2025, 4:32:28 PM
Last updated: 7/30/2025, 5:36:02 AM