Platform: java
Component: xwiki-platform
Fixed in: 13.9.1, 15.0.1, 15.6.1
CVE-2024-31988 is a critical Remote Code Execution (RCE) vulnerability discovered in XWiki Platform. This flaw allows an attacker to execute arbitrary code on a vulnerable system by manipulating the realtime editor feature. The vulnerability impacts versions 13.9-rc-1 through 15.9, and a fix is available in version 14.10.19.
The impact of this vulnerability is severe. An attacker can achieve remote code execution with the privileges of an administrator user. This could lead to complete system compromise, including data exfiltration, malware installation, and denial of service. The attack vector involves tricking an administrator into visiting a specially crafted URL or viewing an image containing that URL, potentially through social engineering or malicious content injection. The ability to execute arbitrary code grants the attacker a high degree of control over the affected XWiki instance and potentially the underlying infrastructure.
CVE-2024-31988 was publicly disclosed on April 10, 2024. The vulnerability's ease of exploitation, combined with the critical CVSS score, suggests a high probability of exploitation. No active campaigns have been publicly reported as of this writing, but the availability of a public CVE and the relatively straightforward attack vector increase the risk. It is not currently listed on the CISA KEV catalog.
Organizations using XWiki Platform in environments where administrators regularly interact with external content or visit potentially untrusted URLs are at significant risk. Shared hosting environments where multiple users share an XWiki instance are particularly vulnerable, as a compromised user could potentially exploit this vulnerability to gain access to other users' data.
• linux / server:
  journalctl -u xwiki | grep -i "scripting macros"
• java / platform:
  ps -ef | grep -i "groovy"
• generic web:
  curl -I <xwiki_url>/xwiki/bin/view/Main/Admin # Check for unusual headers or redirects
Disclosure
Exploit status
EPSS: 6.90% (91st percentile)
CISA SSVC
CVSS vector
The primary mitigation is to upgrade XWiki Platform to version 14.10.19 or later. If immediate upgrading is not possible, consider disabling the realtime editor feature as a temporary workaround. Review XWiki access controls to ensure only authorized users have administrative privileges. Implement strict URL filtering and input validation to prevent malicious URLs from being displayed to administrators. Monitor XWiki logs for suspicious activity, particularly related to script execution or unusual URL requests. There are no specific Sigma or YARA rules readily available for this vulnerability, but generic Groovy/Python script execution detection rules should be considered.
Upgrade XWiki Platform to version 14.10.19, 15.5.4 or 15.9 or later. Alternatively, apply the patch manually to `RTFrontend.ConvertHTML`, although this may impair synchronisation in the realtime editor. Upgrading to a fixed version is the recommended course.
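To turn the version ranges above into a repeatable inventory check, here is an added triage script (not code from the original page or from the XWiki project). It parses XWiki version strings of the forms used on this page (`13.9-rc-1`, `14.10.19`, `15.9`), ranks release candidates below the matching final release, and flags a version as affected when it falls inside an unfixed interval. The first-fixed versions 14.10.19, 15.5.4 and 15.9 come from the remediation note; the branch starts 15.0-rc-1 and 15.6-rc-1 are assumptions the page does not state.

```python
import re
from typing import List, Tuple

# Key: (major, minor, patch, release_flag, rc_number). release_flag is 0 for a
# release candidate and 1 for a final release, so 15.9-rc-1 sorts below 15.9.
VERSION_RE = re.compile(r"^(\d+)\.(\d+)(?:\.(\d+))?(?:-rc-(\d+))?$")

def parse_version(text: str) -> Tuple[int, int, int, int, int]:
    m = VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised XWiki version: {text!r}")
    major, minor, patch, rc = m.groups()
    return (int(major), int(minor), int(patch or 0), 0 if rc else 1, int(rc or 0))

# Affected intervals [first_affected, first_fixed). First-fixed versions are the
# ones the remediation note gives; the branch starts 15.0-rc-1 and 15.6-rc-1
# are assumptions, not stated on the page.
AFFECTED_RANGES: List[Tuple[str, str]] = [
    ("13.9-rc-1", "14.10.19"),
    ("15.0-rc-1", "15.5.4"),
    ("15.6-rc-1", "15.9"),
]

def is_affected(version: str) -> bool:
    """True if the given XWiki version lies inside an unfixed interval."""
    v = parse_version(version)
    for lo, hi in AFFECTED_RANGES:
        if parse_version(lo) <= v < parse_version(hi):
            return True
    return False

def triage(versions: List[str]) -> List[Tuple[str, str]]:
    """Label each inventory entry; unparsable strings are flagged for review."""
    out = []
    for ver in versions:
        try:
            out.append((ver, "AFFECTED" if is_affected(ver) else "not affected"))
        except ValueError:
            out.append((ver, "unknown version format, check manually"))
    return out

if __name__ == "__main__":
    # Constructed sample inventory, not real hosts.
    sample = ["13.8", "14.10.18", "14.10.19", "15.5.3", "15.8", "15.9", "16.1.0", "15.x"]
    for ver, verdict in triage(sample):
        print(f"{ver:>10}  {verdict}")
```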
CVE-2024-31988 is a critical Remote Code Execution vulnerability in XWiki Platform versions 13.9-rc-1 through 15.9. It allows attackers to execute arbitrary code by tricking an administrator into visiting a crafted URL.
You are affected if you are running XWiki Platform versions 13.9-rc-1 through 15.9 and have not upgraded to version 14.10.19 or later.
Upgrade XWiki Platform to version 14.10.19 or later. As a temporary workaround, disable the realtime editor feature.
While no active campaigns have been publicly reported, the vulnerability's severity and ease of exploitation suggest a high probability of exploitation.
Refer to the official XWiki security advisory available at [https://xwiki.com/en/security/advisories/XW-SA-2024-005/](https://xwiki.com/en/security/advisories/XW-SA-2024-005/)