Platform: java
Component: xwiki-platform
Fixed in: 13.9.1, 15.0.1, 15.6.1
CVE-2024-31988 is a critical Remote Code Execution (RCE) vulnerability discovered in XWiki Platform. This flaw allows an attacker to execute arbitrary code on a vulnerable system by manipulating the realtime editor feature. The vulnerability impacts versions 13.9-rc-1 through 15.9, and a fix is available in version 14.10.19.
The impact of this vulnerability is severe. An attacker can achieve remote code execution with the privileges of an administrator user. This could lead to complete system compromise, including data exfiltration, malware installation, and denial of service. The attack vector involves tricking an administrator into visiting a specially crafted URL or viewing an image containing that URL, potentially through social engineering or malicious content injection. The ability to execute arbitrary code grants the attacker a high degree of control over the affected XWiki instance and potentially the underlying infrastructure.
CVE-2024-31988 was publicly disclosed on April 10, 2024. The vulnerability's ease of exploitation, combined with the critical CVSS score, suggests a high probability of exploitation. No active campaigns have been publicly reported as of this writing, but the availability of a public CVE and the relatively straightforward attack vector increase the risk. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 6.90% (91st percentile)
CISA SSVC
CVSS Vector
The primary mitigation is to upgrade XWiki Platform to version 14.10.19 or later. If immediate upgrading is not possible, consider disabling the realtime editor feature as a temporary workaround. Review XWiki access controls to ensure only authorized users have administrative privileges. Implement strict URL filtering and input validation to prevent malicious URLs from being displayed to administrators. Monitor XWiki logs for suspicious activity, particularly related to script execution or unusual URL requests. There are no specific Sigma or YARA rules readily available for this vulnerability, but generic Groovy/Python script execution detection rules should be considered.
Update XWiki Platform to version 14.10.19, 15.5.4 or 15.9 or later. As an alternative, apply the patch manually to `RTFrontend.ConvertHTML`, although this may affect realtime editor synchronization. Upgrading to the patched version is recommended.
CVE-2024-31988 is a critical Remote Code Execution vulnerability in XWiki Platform versions 13.9-rc-1 through 15.9. It allows attackers to execute arbitrary code by tricking an administrator into visiting a crafted URL.
You are affected if you are running XWiki Platform versions 13.9-rc-1 through 15.9 and have not upgraded to version 14.10.19 or later.
Upgrade XWiki Platform to version 14.10.19 or later. As a temporary workaround, disable the realtime editor feature.
While no active campaigns have been publicly reported, the vulnerability's severity and ease of exploitation suggest a high probability of exploitation.
Refer to the official XWiki security advisory available at [https://xwiki.com/en/security/advisories/XW-SA-2024-005/](https://xwiki.com/en/security/advisories/XW-SA-2024-005/)