CVE-2022-29253: 
Java vulnerability analysis and mitigation

A path traversal vulnerability was discovered in XWiki Platform's template manager (CVE-2022-29253) affecting versions 8.3-rc-1 and later, patched in versions 14.0 and 13.10.3. The vulnerability allowed attackers to access any file located in the classloader using the template API and a path with ".." in it, potentially exposing sensitive configuration files (GitHub Advisory).

The vulnerability stems from improper path validation in the template manager component. Attackers could use path traversal sequences ("../") to access files outside the intended "templates/" directory through the template API. For example, an attacker could access sensitive files using syntax like {{template name="../xwiki.hbm.xml"/}}. The vulnerability has a CVSS v3.1 base score of 2.7 (Low) with vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N (GitHub Advisory).

The vulnerability allows unauthorized access to files in the classloader, including potentially sensitive configuration files like hibernate.cfg.xml. However, according to the vendor, none of the accessible files in XWiki Standard contain highly confidential data, which contributed to the low severity rating (GitHub Advisory, XWiki Jira).

The vulnerability has been patched in XWiki Platform versions 14.0 and 13.10.3. The fix includes implementing proper path validation to prevent access to resources from other directories. There are no easy workarounds for this issue, and administrators are advised to upgrade their wiki installations to a patched version (GitHub Advisory).