CVE-2022-36093: CWE-288: Authentication Bypass Using an Alternate Path or Channel in xwiki xwiki-platform
XWiki Platform Web Templates are templates for XWiki Platform, a generic wiki platform. By passing a template of the distribution wizard to the xpart template, user accounts can be created even when user registration is disabled. This also circumvents any email verification. Before versions 14.2 and 13.10.4, this can also be exploited on a private wiki, thus potentially giving the attacker access to the wiki. Depending on the configured default rights of users, this could also give attackers write access to an otherwise read-only public wiki. Users can also be created when an external authentication system like LDAP is configured, but authentication with such accounts fails unless the authentication system supports a bypass or local accounts are enabled in addition to the external authentication system. This issue has been patched in XWiki 13.10.5 and 14.3RC1. As a workaround, one may replace `xpart.vm`, the entry point for this attack, with the patched version of that file from the fix, without updating XWiki.
AI Analysis
Technical Summary
CVE-2022-36093 is an authentication bypass vulnerability affecting the XWiki Platform, a widely used generic wiki platform. The vulnerability arises from improper authentication controls (CWE-287) and the use of alternate paths or channels to bypass authentication (CWE-288). Specifically, the issue involves the Web Templates feature of XWiki, where an attacker can pass a template from the distribution wizard to the 'xpart' template. This manipulation allows the creation of user accounts even when user registration is disabled and circumvents any email verification mechanisms. The vulnerability affects XWiki Platform versions from 8.0-rc-1 up to but not including 13.10.5, and versions 14.0 up to but not including 14.3-rc-1. Notably, this flaw can be exploited on private wikis, potentially granting attackers unauthorized access. Depending on the default user rights configured, attackers may gain write access to wikis that are otherwise read-only and public. The vulnerability also impacts setups using external authentication systems such as LDAP; while authentication may fail in these cases, accounts can still be created if local accounts are enabled alongside external authentication. The vulnerability was patched in versions 13.10.5 and 14.3RC1. A temporary mitigation involves replacing the vulnerable 'xpart.vm' template with a patched version without performing a full platform update. There are no known exploits in the wild at this time, but the nature of the vulnerability allows attackers to bypass authentication controls and gain unauthorized access, which can lead to unauthorized content modification or data exposure.
Potential Impact
For European organizations using XWiki Platform, this vulnerability poses a significant risk to the confidentiality, integrity, and availability of wiki content. Unauthorized account creation can lead to unauthorized access to sensitive internal documentation, intellectual property, or operational procedures. In private wikis, attackers may gain full access, potentially exposing confidential business information or disrupting collaboration workflows. In public wikis configured as read-only, attackers could escalate privileges to gain write access, enabling them to inject malicious content, misinformation, or disrupt the integrity of publicly available information. Organizations relying on external authentication systems like LDAP may still be vulnerable if local accounts are enabled, increasing the attack surface. The impact is particularly critical for sectors that heavily rely on internal knowledge bases, such as government agencies, research institutions, and enterprises with distributed teams. The ability to bypass email verification also facilitates automated or large-scale account creation, increasing the risk of persistent unauthorized access. While no active exploits are reported, the ease of exploitation and the potential for privilege escalation make this vulnerability a serious concern for European organizations that have not yet applied patches or mitigations.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should prioritize upgrading XWiki Platform to versions 13.10.5 or later, or 14.3RC1 or later, where the issue is fully patched. If immediate upgrading is not feasible, organizations should replace the vulnerable 'xpart.vm' template with the patched version provided by the XWiki project to block the attack vector. Additionally, organizations should audit their user registration and authentication configurations, ensuring that local accounts are disabled if external authentication systems like LDAP are in use, unless absolutely necessary. Restricting default user rights to the minimum necessary can reduce the impact if unauthorized accounts are created. Monitoring wiki access logs for unusual account creation patterns or access attempts can help detect exploitation attempts early. Implementing network-level access controls to limit wiki access to trusted IP ranges, especially for private wikis, can further reduce exposure. Finally, organizations should review and tighten email verification and user registration workflows to prevent circumvention through alternate templates or channels.
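The log-monitoring recommendation above can be made concrete. The following Python script is an added example, not code from the advisory or from the XWiki project: it parses web-server access log lines in combined log format and flags requests that reach the `xpart` template (the entry point named in the advisory) with a parameter value that references a distribution-wizard template. Two things are assumptions to verify against the deployed `xpart.vm`: that the template name is passed as a query parameter, and that distribution-wizard templates are addressed under a `distribution/` path. The sample log lines are constructed, and the template name in them is a placeholder.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Constructed sample access log lines (combined log format). The IPs are
# documentation ranges and "ExampleStep.vm" is a placeholder, not a real template.
SAMPLE_LOG = """\
203.0.113.10 - - [15/Jul/2022:10:01:02 +0000] "GET /xwiki/bin/view/Main/ HTTP/1.1" 200 5120
203.0.113.10 - - [15/Jul/2022:10:01:09 +0000] "GET /xwiki/bin/view/Main/?xpage=xpart&vm=distribution/ExampleStep.vm HTTP/1.1" 200 2048
203.0.113.10 - - [15/Jul/2022:10:01:15 +0000] "POST /xwiki/bin/view/Main/?xpage=xpart&vm=distribution%2FExampleStep.vm HTTP/1.1" 302 0
198.51.100.7 - - [15/Jul/2022:10:02:30 +0000] "GET /xwiki/bin/view/XWiki/Register?xpage=xpart&vm=registerinline.vm HTTP/1.1" 200 3000
"""

# Combined/common log format: client, ident, user, [timestamp], "METHOD target PROTO", status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+$'
)

# Assumption: the template served by xpart.vm arrives as a query parameter, and
# distribution-wizard templates are referenced under this path prefix.
DISTRIBUTION_PREFIX = "distribution/"


def parse_line(line):
    """Return a dict with ip, ts, method, path, status and decoded query params, or None."""
    match = LOG_RE.match(line)
    if not match:
        return None
    rec = match.groupdict()
    url = urlsplit(rec["target"])
    rec["path"] = url.path
    # parse_qs percent-decodes values, so "distribution%2F..." is seen as "distribution/..."
    rec["params"] = {
        key: values[0] for key, values in parse_qs(url.query, keep_blank_values=True).items()
    }
    return rec


def is_suspicious_xpart_request(rec):
    """True when the request selects the xpart template and hands it a distribution-wizard template."""
    params = rec["params"]
    if params.get("xpage", "").lower() != "xpart":
        return False
    return any(
        DISTRIBUTION_PREFIX in value.lower()
        for key, value in params.items()
        if key != "xpage"
    )


def scan_log(text):
    """Parse every line of an access log and return the records worth investigating."""
    findings = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec and is_suspicious_xpart_request(rec):
            findings.append(rec)
    return findings


def hits_per_client(findings):
    """Count flagged requests per client IP, to spot bursts from one source."""
    return Counter(rec["ip"] for rec in findings)


if __name__ == "__main__":
    found = scan_log(SAMPLE_LOG)
    for rec in found:
        print(f'{rec["ts"]} {rec["ip"]} {rec["method"]} {rec["path"]} params={rec["params"]} status={rec["status"]}')
    print("flagged requests per client:", dict(hits_per_client(found)))
```

Ordinary uses of `xpart` (the last sample line, an inline registration form) are not flagged, so the rule keys on the combination the advisory describes rather than on the template name alone. Feed it the reverse proxy or servlet container access log, and correlate any hit with user-profile pages created around the same timestamp while registration was disabled.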
Affected Countries
Germany, France, United Kingdom, Netherlands, Sweden, Belgium, Italy, Spain, Poland, Finland
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2022-07-15T00:00:00.000Z
- CISA Enriched: true
Threat ID: 682d9844c4522896dcbf3deb
Added to database: 5/21/2025, 9:09:24 AM
Last enriched: 6/22/2025, 10:06:08 PM
Last updated: 8/16/2025, 4:45:11 PM