Platform
java
Component
org.xwiki.platform:xwiki-platform-oldcore
Fixed in
13.4.8
13.10.4
15.0.1
15.6.1
16.0.1
14.10.21
CVE-2024-37899 is a critical Remote Code Execution (RCE) vulnerability affecting XWiki Platform Oldcore versions before 14.10.21. An attacker can exploit this flaw by injecting malicious code into a user profile and then triggering its execution when an administrator disables that user's account, effectively gaining admin privileges. The vulnerability stems from improper handling of user profile execution during account disablement.
This vulnerability allows an unprivileged user to execute arbitrary code on the XWiki server with administrator privileges. The attack involves crafting a user profile containing Groovy code (e.g., {{groovy}}services.logging.getLogger("attacker").error("Hello from Groovy!"){{/groovy}}) and then persuading an administrator to disable that user account. Upon disabling, the profile's code is executed under the administrator's context, granting the attacker full control over the system. The potential impact includes data breaches, system compromise, and complete takeover of the XWiki instance. This is a high-impact vulnerability due to the ease of exploitation and the severe consequences of a successful attack.
CVE-2024-37899 was publicly disclosed on June 20, 2024. No KEV listing is currently available. Public proof-of-concept code is likely to emerge given the vulnerability's ease of exploitation. Active exploitation is currently unconfirmed, but the critical severity and readily available reproduction steps suggest a high probability of exploitation in the near future. Refer to the XWiki security advisory for further details.
Organizations utilizing XWiki Platform Oldcore, particularly those with multiple administrators or shared administrative accounts, are at significant risk. Systems with legacy configurations or those lacking robust user access controls are especially vulnerable. Environments where user profiles are frequently modified or where user input is not adequately sanitized are also at increased risk.
• java / server: ps aux | grep -i groovy
• java / server: find /opt/xwiki -name "*.groovy" -print
• java / server: journalctl -u xwiki -f | grep "attacker"
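As an added defender-side example (not code from the page or from the XWiki project), the following Python scans exported user profile content for XWiki script macros such as the `{{groovy}}` block shown above, so an administrator can review a profile before disabling the account. The macro list, the regex and the sample profiles are constructed assumptions.

```python
from __future__ import annotations
import re

# XWiki 2.x-syntax macros that run server-side code when the page renders.
# Assumed list for this example; groovy is the one the advisory shows.
SCRIPT_MACROS = ("groovy", "velocity", "python", "script")

# Matches an opening macro such as {{groovy}}, {{groovy param="x"}} or the
# self-closing {{groovy/}} form, case-insensitively. Closing tags like
# {{/groovy}} start with "/" and therefore do not match the name group.
_MACRO_RE = re.compile(
    r"\{\{\s*(?P<name>[a-z]+)(?P<params>[^}]*?)\s*(?:/\s*\}\}|\}\})",
    re.IGNORECASE,
)


def find_script_macros(content: str) -> list[str]:
    """Return the names (lower-cased) of script macros found in wiki content."""
    return [
        m.group("name").lower()
        for m in _MACRO_RE.finditer(content)
        if m.group("name").lower() in SCRIPT_MACROS
    ]


def triage_profiles(profiles: dict[str, str]) -> dict[str, list[str]]:
    """Map user name -> script macros, keeping only profiles that contain any."""
    return {user: macros for user, content in profiles.items()
            if (macros := find_script_macros(content))}


# Constructed sample: profile page contents keyed by user name.
SAMPLE_PROFILES = {
    "alice": "Works in the networking team. Contact via chat.",
    "mallory": 'About me: {{groovy}}services.logging.getLogger("attacker")'
               '.error("Hello from Groovy!"){{/groovy}}',
    "bob": "Likes {{info}}boxes{{/info}} and {{GROOVY /}} in odd casing",
}

if __name__ == "__main__":
    for user, macros in triage_profiles(SAMPLE_PROFILES).items():
        print(f"{user}: script macro(s) {', '.join(macros)} found; review before disabling")
```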
Exploit Status
EPSS
14.13% (94th percentile)
CISA SSVC
CVSS Vector
The primary mitigation is to immediately upgrade XWiki Platform Oldcore to version 14.10.21 or later. Prior to upgrading, it is crucial to back up the XWiki instance to ensure data recovery in case of issues. If an upgrade is not immediately feasible, consider restricting administrator access and closely monitoring user account activity for suspicious modifications. While a direct workaround is not available, implementing strict input validation and sanitization on user profile data could reduce the attack surface, though this is not a substitute for patching. After upgrading, confirm the fix by attempting to disable a user account with a malicious profile and verifying that the Groovy code is not executed.
Upgrade XWiki Platform to version 14.10.21, 15.5.5, 15.10.6 or 16.0.0, or to a later version. This fixes the vulnerability that allows remote code execution when a user account is disabled.
CVE-2024-37899 is a critical Remote Code Execution vulnerability in XWiki Platform Oldcore versions before 14.10.21. Disabling a user account triggers execution of their profile with admin privileges, allowing malicious code injection.
You are affected if you are running XWiki Platform Oldcore versions prior to 14.10.21. Immediately check your version and upgrade if necessary.
Upgrade XWiki Platform Oldcore to version 14.10.21 or later. Back up your instance before upgrading.
Active exploitation is currently unconfirmed, but the critical severity and ease of exploitation suggest a high probability of exploitation.
Refer to the official XWiki security advisory for detailed information and updates: [https://www.xwiki.com/xwiki/bin/view/Main/SecurityAdvisories](https://www.xwiki.com/xwiki/bin/view/Main/SecurityAdvisories)