In order to verify the vulnerability, I used two different Docker environment types, one for the vulnerable version and the other for the fixed version.
To get them, please clone https://github.com/xwiki/xwiki-docker.git.
There are several versions of XWiki. I did use all of them for testing purposes. The "15" folder contains the latest one.
I can show you how to prepare it for testing:
Go to the folder with docker-compose.yml;
There is a file .env that we can modify for our purposes;
Rename the file to .env-true-negative;
Create a copy of the file with the name .env-true-positive;
Change the XWIKI_VERSION value inside it to a vulnerable one, in my case to 15.7.0 in the current folder;
To run vulnerable version:
docker-compose --env-file .env-true-positive -p xwiki-true-positive up -d
Fixed version:
docker-compose --env-file .env-true-negative -p xwiki-true-negative up -d
Hey,
this PR is for the Vuln Detector Plugin for https://nvd.nist.gov/vuln/detail/CVE-2024-21650 (see Issue)
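The preparation steps listed in the description (rename .env, copy it, change XWIKI_VERSION) can be scripted as below. This is an added example, not part of the PR or of xwiki-docker; the function names `prepare_env_files` and `env_version` and the sample .env contents (including the 15.10.8 value) are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: build the two env files used by the docker-compose commands.
# Assumption: the shipped .env contains a line "XWIKI_VERSION=<fixed version>".

prepare_env_files() {
    dir=$1
    vulnerable_version=$2
    fixed_env="$dir/.env-true-negative"
    vuln_env="$dir/.env-true-positive"

    # Accept only plain version strings so the value cannot alter the sed script.
    case $vulnerable_version in
        ''|*[!0-9A-Za-z.-]*) echo "bad version: $vulnerable_version" >&2; return 1 ;;
    esac

    # Rename the shipped .env once; a second run reuses .env-true-negative.
    if [ ! -f "$fixed_env" ]; then
        [ -f "$dir/.env" ] || { echo "no .env in $dir" >&2; return 1; }
        mv "$dir/.env" "$fixed_env"
    fi

    # Stop if the key the steps rely on is missing.
    grep -q '^XWIKI_VERSION=' "$fixed_env" || {
        echo "XWIKI_VERSION not found in $fixed_env" >&2; return 1; }

    # Copy the file and change only the version line; other settings stay equal,
    # so the two stacks differ in nothing but the XWiki version.
    sed "s/^XWIKI_VERSION=.*/XWIKI_VERSION=$vulnerable_version/" \
        "$fixed_env" > "$vuln_env"
}

# Print the version an env file selects.
env_version() {
    sed -n 's/^XWIKI_VERSION=//p' "$1"
}

# Demo on a constructed .env in a temporary folder (values are sample data).
demo_dir=$(mktemp -d)
printf 'XWIKI_VERSION=15.10.8\nDB_USER=xwiki\n' > "$demo_dir/.env"
prepare_env_files "$demo_dir" 15.7.0
echo "true-positive: $(env_version "$demo_dir/.env-true-positive")"
echo "true-negative: $(env_version "$demo_dir/.env-true-negative")"
rm -rf "$demo_dir"
```

Comparing the two versions with `env_version` before starting the stacks confirms that a detector's true-positive and true-negative results come from different XWiki releases and not from two copies of the same one.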