Platform: java
Component: xwiki-platform
Fixed in: 14.10.19, 15.5.5, 15.9
CVE-2024-31986 is a critical Remote Code Execution (RCE) vulnerability in XWiki Platform. An attacker combines a crafted document reference with an XWiki.SchedulerJobClass XObject to get arbitrary code executed on the server. The flaw affects XWiki from version 3.1 up to, but not including, the fixed releases 14.10.19, 15.5.5 and 15.9 on their respective branches. Applying the upstream patch by hand is a temporary workaround until the upgrade is done.
Successful exploitation of CVE-2024-31986 gives the attacker arbitrary code execution on the affected XWiki server, and with it the ability to read, modify or delete wiki data and to reach whatever else the server process can reach. The payload fires when an administrator visits the scheduler page, or when the scheduler page is rendered indirectly because another page references it, for example through an image in a comment. That second path matters: a low-privilege account that can only add a comment can still plant the trigger and wait for an administrator to render it. The blast radius is therefore the whole server hosting the XWiki instance, not just the wiki content.
CVE-2024-31986 was publicly disclosed on April 10, 2024. No active exploitation campaigns have been publicly confirmed, but the critical severity and the low effort the attack requires (a crafted document reference plus a scheduler job object, triggered by an administrator viewing the page) make exploitation likely. It is not currently listed in the CISA KEV catalog. Public proof-of-concept code may emerge and would increase the risk of widespread exploitation.
Organizations that rely on XWiki Platform for internal knowledge management or collaboration are at significant risk. Instances that accept content from many users, such as shared or multi-tenant hosting and wikis with open commenting, are particularly exposed: because the trigger can be planted in a comment, a single compromised or malicious low-privilege account is enough to attack the administrators and, through them, every other user of the instance. Legacy installations that are not updated regularly are also at increased risk.
• linux / server: `journalctl -u xwiki | grep -i "XWiki.SchedulerJobClass"` (assumes XWiki runs as a systemd unit named `xwiki` that logs to the journal; otherwise grep the servlet container's log file instead). A scheduler job object appearing on a page outside the Scheduler space deserves a closer look.
• generic web: `curl -I <xwiki_url>/xwiki/bin/view/Scheduler/WebHome` only tells you whether the scheduler page is reachable and from whom (an HTTP 200 to an unauthenticated request means the trigger page is exposed); it does not show whether the flaw has been exploited.
• java: review the XWiki logs for XWiki.SchedulerJobClass objects created on documents that are not legitimate scheduler jobs, and for comments whose content references Scheduler.WebHome (for example as an image), which is the trigger path described above.
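The two log heuristics above, as an added example that is not part of this page or of the XWiki project: a small scanner that flags (1) an XWiki.SchedulerJobClass object saved on a document outside the Scheduler space and (2) a comment whose content references Scheduler.WebHome. The log lines and their `key=value` layout are constructed for the example; real XWiki appenders do not emit this exact format, so adapt `SAVE_RE` to whatever your audit or save logging produces.

```python
import re
from typing import List

# Constructed sample lines (not real XWiki output). Each mimics a document-save
# audit line: timestamp, user, action, document reference, the XObject classes
# attached to the saved document and, for comments, the comment body.
SAMPLE_LOG = """\
2024-04-11T09:12:03Z user=XWiki.Admin action=save doc=Scheduler.WebHome objects=XWiki.SchedulerJobClass
2024-04-11T09:14:51Z user=XWiki.Mallory action=save doc=Sandbox.Notes objects=XWiki.SchedulerJobClass
2024-04-11T09:15:20Z user=XWiki.Mallory action=save doc=Main.WebHome objects=XWiki.XWikiComments content=[[image:Scheduler.WebHome@job.png]]
2024-04-11T09:16:00Z user=XWiki.Alice action=save doc=Main.Meeting objects=XWiki.XWikiComments content=Thanks for the notes
"""

# Assumed line layout; adjust to your own log format.
SAVE_RE = re.compile(
    r"^(?P<ts>\S+)\s+user=(?P<user>\S+)\s+action=(?P<action>\S+)\s+doc=(?P<doc>\S+)"
    r"\s+objects=(?P<objects>\S+)(?:\s+content=(?P<content>.*))?$"
)

# Both the dotted (Scheduler.WebHome) and URL (Scheduler/WebHome) forms of the reference.
SCHEDULER_REF = re.compile(r"Scheduler[./]WebHome", re.IGNORECASE)

SCHEDULER_JOB_CLASS = "XWiki.SchedulerJobClass"
COMMENTS_CLASS = "XWiki.XWikiComments"  # the class XWiki uses for page comments


def find_suspicious(log: str) -> List[dict]:
    """Return one record per log line that matches either heuristic."""
    hits = []
    for line in log.splitlines():
        m = SAVE_RE.match(line)
        if not m:
            continue  # not a save line in the assumed layout
        rec = m.groupdict()
        classes = rec["objects"].split(",")
        top_space = rec["doc"].split(".", 1)[0]

        # Heuristic 1: a scheduler job object attached to a page that is not
        # under the Scheduler space, i.e. not one of the legitimate job pages.
        if SCHEDULER_JOB_CLASS in classes and top_space != "Scheduler":
            hits.append({**rec, "reason": "SchedulerJobClass object outside Scheduler space"})
        # Heuristic 2: a comment that references the scheduler page, which is
        # the indirect trigger path (e.g. an image in a comment).
        elif COMMENTS_CLASS in classes and rec.get("content") and SCHEDULER_REF.search(rec["content"]):
            hits.append({**rec, "reason": "comment references Scheduler.WebHome"})
    return hits


if __name__ == "__main__":
    for h in find_suspicious(SAMPLE_LOG):
        print(f"{h['ts']} {h['user']} {h['doc']}: {h['reason']}")
```

Both checks are heuristics: a legitimate job page lives under Scheduler, and a comment may mention the scheduler page for benign reasons, so treat hits as leads to inspect rather than confirmed compromise.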
EPSS: 7.90% (92nd percentile)
The primary mitigation for CVE-2024-31986 is to upgrade XWiki Platform to the fixed release for your branch: 14.10.19, 15.5.5 or 15.9 (or any later release). If an immediate upgrade is not possible, apply the upstream fix by hand to the `Scheduler.WebHome` page, which is the page the patch modifies; the workaround is the patch itself, not an ad-hoc review of the page's code. Until the fix is in place, restrict who can view the scheduler page so that fewer accounts can render the payload, and follow the XWiki security advisories for further updates.
Update XWiki Platform to version 14.10.19, 15.5.5 or 15.9 or later. Alternatively, apply the patch manually by modifying the `Scheduler.WebHome` page.
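Because the fix lands on three branches, "am I affected?" is a branch-aware comparison, not a single threshold: 15.5.6 is fixed while 15.8.x is not. The following is an added example (not code from this page or from XWiki) that encodes the affected ranges stated above, 3.1 up to 14.10.19, 15.0 up to 15.5.5 and 15.6 up to 15.9, and returns the fixed release to move to. It assumes a pre-release suffix such as `-rc-1` can be stripped and the numeric part compared; if you want such builds treated conservatively, handle the suffix before calling `is_affected`.

```python
import re
from typing import Optional, Tuple

Version = Tuple[int, int, int]

# Affected ranges [lower, upper) and the fixed release that closes each one,
# taken from the advisory text on this page.
AFFECTED_RANGES = [
    ((3, 1, 0), (14, 10, 19), "14.10.19"),
    ((15, 0, 0), (15, 5, 5), "15.5.5"),
    ((15, 6, 0), (15, 9, 0), "15.9"),
]


def parse_version(v: str) -> Version:
    """Parse 'MAJOR.MINOR[.PATCH][suffix]' into a comparable tuple.

    Assumption: anything after the numeric part (e.g. '-rc-1', '-SNAPSHOT')
    is ignored, so '15.9-rc-1' compares as 15.9.0.
    """
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", v)
    if not m:
        raise ValueError(f"unrecognised XWiki version: {v!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)


def is_affected(v: str) -> bool:
    """True if the version falls inside one of the affected ranges."""
    t = parse_version(v)
    return any(lo <= t < hi for lo, hi, _ in AFFECTED_RANGES)


def recommended_fix(v: str) -> Optional[str]:
    """The fixed release on the same branch, or None if not affected."""
    t = parse_version(v)
    for lo, hi, fixed in AFFECTED_RANGES:
        if lo <= t < hi:
            return fixed
    return None


if __name__ == "__main__":
    for v in ["14.10.18", "14.10.19", "15.5.4", "15.5.5", "15.8.1", "15.9-rc-1", "16.2.0"]:
        print(f"{v:10} affected={is_affected(v)!s:5} fix={recommended_fix(v)}")
```

Feed it the version string from your instance (for example the one shown on the wiki's administration page) rather than guessing from the major number alone.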
CVE-2024-31986 is a critical Remote Code Execution vulnerability in XWiki Platform from version 3.1 up to the fixed releases 14.10.19, 15.5.5 and 15.9, allowing attackers to execute arbitrary code on the server.
If you run XWiki Platform 3.1 or later without the fixed release for your branch (14.10.19, 15.5.5 or 15.9), you are potentially affected by this vulnerability. Upgrade to mitigate the risk.
Upgrade XWiki Platform to version 14.10.19, 15.5.5 or 15.9 or later. As a temporary workaround, apply the manual patch by modifying the `Scheduler.WebHome` page.
While there are currently no confirmed reports of active exploitation, the vulnerability's severity and public disclosure increase the likelihood of exploitation.
Refer to the official XWiki security advisory for detailed information and updates: [https://xwiki.com/xwiki/bin/view/Main/SecurityAdvisories](https://xwiki.com/xwiki/bin/view/Main/SecurityAdvisories)