CVE-2024-31986

Exploit

EPSS 10.81%
Published 10.04.2024 21:15:06
Last modified 21.01.2025 15:43:52
Source security-advisories@github.com
Teams watchlist Login
Open Login

XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a special crafted documented reference and an `XWiki.SchedulerJobClass` XObject, it is possible to execute arbitrary code on the server whenever an admin visits the scheduler page or the scheduler page is referenced, e.g., via an image in a comment on a page in the wiki. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, apply the patch manually by modifying the `Scheduler.WebHome` page.

Affected products Warnungen 0 Metrics 3 CWE 2 References 8

Data is provided by the National Vulnerability Database (NVD)

Xwiki ≫ Xwiki Version >= 3.1.1 < 14.10.19

Xwiki ≫ Xwiki Version >= 15.0 < 15.5.4

Xwiki ≫ Xwiki Version >= 15.6 < 15.9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	10.81%	0.931

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
security-advisories@github.com	9	2.3	6	CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

CWE-352 Cross-Site Request Forgery (CSRF)

The web application does not, or can not, sufficiently verify whether a well-formed, valid, consistent request was intentionally provided by the user who submitted the request.

CWE-95 Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')

The product receives input from an upstream component, but it does not neutralize or incorrectly neutralizes code syntax before using the input in a dynamic evaluation call (e.g. "eval").

https://github.com/xwiki/xwiki-platform/commit/8a92cb4bef7e5f244ae81eed3e64fe9be95827cf

Patch

https://github.com/xwiki/xwiki-platform/commit/efd3570f3e5e944ec0ad0899bf799bf9563aef87

Patch

https://github.com/xwiki/xwiki-platform/commit/f30d9c641750a3f034b5910c6a3a7724ae8f2269

Patch

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-37m4-hqxv-w26g

Vendor Advisory

https://jira.xwiki.org/browse/XWIKI-21416

Vendor Advisory

Exploit

https://nvd.nist.gov/vuln/detail/CVE-2024-31986

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-31986

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-31986

EUVD