Platform: php
Component: xwiki-platform
Fixed in: 15.10.1
CVE-2024-43401 describes a critical remote code execution (RCE) vulnerability in XWiki Platform. An attacker can exploit this flaw to execute arbitrary code by tricking a user with elevated privileges into editing, in the WYSIWYG editor, content that contains a malicious payload. The vulnerability affects XWiki Platform versions up to and including 15.10-rc-1; a patch is available in version 15.10-rc-1.
The risk is significant because an unprivileged user can cause code to run with the privileges of a higher-privileged user. An attacker could place a malicious payload in content handled by the WYSIWYG editor and entice a user with administrative rights to edit it. On editing, the payload executes, giving the attacker control over the XWiki Platform instance; this could lead to complete system compromise, data exfiltration, and further malicious activity. The absence of any warning before editing potentially dangerous content exacerbates the risk, making users more susceptible to this attack.
CVE-2024-43401 was publicly disclosed on August 19, 2024. No public proof-of-concept (PoC) code had been released at the time of writing. The vulnerability's criticality (CVSS 9.1) suggests a high probability of exploitation if a PoC becomes available. It is not currently listed in the CISA KEV catalog.
Exploit Status
EPSS: 1.46% (81st percentile)
CISA SSVC:
CVSS Vector:
The primary mitigation for CVE-2024-43401 is to upgrade XWiki Platform to version 15.10-rc-1 or later without delay. If upgrading is not immediately feasible, restrict user permissions to minimize the impact of a successful attack; in particular, limit which users can edit content with the WYSIWYG editor, and review existing content for suspicious payloads. No direct workaround is available, but strict input validation and sanitization within the WYSIWYG editor can offer a temporary layer of defense. After upgrading, confirm the fix by editing a test page that contains a known malicious payload: the payload should not execute.
Update XWiki Platform to version 15.10-rc-1 or higher. This version fixes the flaw that allowed malicious payloads to execute when content is edited, so users without script or programming rights can no longer exploit it.
CVE-2024-43401 is a critical Remote Code Execution vulnerability in XWiki Platform versions up to 15.10-rc-1. It allows an attacker to execute arbitrary code by tricking privileged users into editing malicious content.
You are affected if you are running XWiki Platform versions prior to 15.10-rc-1. Immediately assess your environment and upgrade to the patched version.
The recommended fix is to upgrade XWiki Platform to version 15.10-rc-1 or later. If immediate upgrade isn't possible, restrict user permissions and implement input validation.
While no active exploitation has been confirmed, the vulnerability's criticality suggests a high probability of exploitation if a proof-of-concept is released.
Refer to the official XWiki security advisory for detailed information and updates: https://www.xwiki.com/en/security/advisories/XW-SA-2024-002/