CVE-2024-31986 - OpenCVE

XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a special crafted documented reference and an `XWiki.SchedulerJobClass` XObject, it is possible to execute arbitrary code on the server whenever an admin visits the scheduler page or the scheduler page is referenced, e.g., via an image in a comment on a page in the wiki. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, apply the patch manually by modifying the `Scheduler.WebHome` page.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation poc

Automatable no

Technical Impact total

Vendors	Products
Xwiki	Xwiki

No data.

No data.

References

Link	Providers
https://github.com/xwiki/xwiki-platform/commit/8a92cb4bef7e5f244ae81eed3e64fe9be95827cf
https://github.com/xwiki/xwiki-platform/commit/efd3570f3e5e944ec0ad0899bf799bf9563aef87
https://github.com/xwiki/xwiki-platform/commit/f30d9c641750a3f034b5910c6a3a7724ae8f2269
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-37m4-hqxv-w26g
https://jira.xwiki.org/browse/XWIKI-21416

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-04-10T20:27:29.600Z

Updated: 2024-08-02T01:59:50.842Z

Reserved: 2024-04-08T13:48:37.490Z

Link: CVE-2024-31986

Vulnrichment

Updated: 2024-07-19T15:18:59.326Z

NVD

Status : Awaiting Analysis

Published: 2024-04-10T21:15:06.917

Modified: 2024-04-11T12:47:44.137

Link: CVE-2024-31986

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-31986", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-04-08T13:48:37.490Z", "datePublished": "2024-04-10T20:27:29.600Z", "dateUpdated": "2024-08-02T01:59:50.842Z"}, "containers": {"cna": {"title": "XWiki Platform CSRF remote code execution through scheduler job's document reference", "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "lang": "en", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-95", "lang": "en", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-37m4-hqxv-w26g", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-37m4-hqxv-w26g"}, {"name": "https://github.com/xwiki/xwiki-platform/commit/8a92cb4bef7e5f244ae81eed3e64fe9be95827cf", "tags": ["x_refsource_MISC"], "url": "https://github.com/xwiki/xwiki-platform/commit/8a92cb4bef7e5f244ae81eed3e64fe9be95827cf"}, {"name": "https://github.com/xwiki/xwiki-platform/commit/efd3570f3e5e944ec0ad0899bf799bf9563aef87", "tags": ["x_refsource_MISC"], "url": "https://github.com/xwiki/xwiki-platform/commit/efd3570f3e5e944ec0ad0899bf799bf9563aef87"}, {"name": "https://github.com/xwiki/xwiki-platform/commit/f30d9c641750a3f034b5910c6a3a7724ae8f2269", "tags": ["x_refsource_MISC"], "url": "https://github.com/xwiki/xwiki-platform/commit/f30d9c641750a3f034b5910c6a3a7724ae8f2269"}, {"name": "https://jira.xwiki.org/browse/XWIKI-21416", "tags": ["x_refsource_MISC"], "url": "https://jira.xwiki.org/browse/XWIKI-21416"}], "affected": [{"vendor": "xwiki", "product": "xwiki-platform", "versions": [{"version": ">= 3.1, < 14.10.19", "status": "affected"}, {"version": ">= 15.0-rc-1, < 15.5.4", "status": "affected"}, {"version": ">= 15.6-rc-1, < 15.9", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-10T20:27:29.600Z"}, "descriptions": [{"lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a special crafted documented reference and an `XWiki.SchedulerJobClass` XObject, it is possible to execute arbitrary code on the server whenever an admin visits the scheduler page or the scheduler page is referenced, e.g., via an image in a comment on a page in the wiki. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, apply the patch manually by modifying the `Scheduler.WebHome` page."}], "source": {"advisory": "GHSA-37m4-hqxv-w26g", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "xwiki", "product": "xwiki", "cpes": ["cpe:2.3:a:xwiki:xwiki:3.1:-:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.1", "status": "affected", "lessThan": "14.10.19", "versionType": "custom"}]}, {"vendor": "xwiki", "product": "xwiki", "cpes": ["cpe:2.3:a:xwiki:xwiki:15.0:rc1:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "15.0", "status": "affected", "lessThan": "15.5.4", "versionType": "custom"}]}, {"vendor": "xwiki", "product": "xwiki", "cpes": ["cpe:2.3:a:xwiki:xwiki:15.6:rc1:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "15.6", "status": "affected", "lessThan": "15.9", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-07-19T14:43:39.388902Z", "id": "CVE-2024-31986", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-19T21:06:21.946Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T01:59:50.842Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-37m4-hqxv-w26g", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-37m4-hqxv-w26g"}, {"name": "https://github.com/xwiki/xwiki-platform/commit/8a92cb4bef7e5f244ae81eed3e64fe9be95827cf", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/xwiki/xwiki-platform/commit/8a92cb4bef7e5f244ae81eed3e64fe9be95827cf"}, {"name": "https://github.com/xwiki/xwiki-platform/commit/efd3570f3e5e944ec0ad0899bf799bf9563aef87", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/xwiki/xwiki-platform/commit/efd3570f3e5e944ec0ad0899bf799bf9563aef87"}, {"name": "https://github.com/xwiki/xwiki-platform/commit/f30d9c641750a3f034b5910c6a3a7724ae8f2269", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/xwiki/xwiki-platform/commit/f30d9c641750a3f034b5910c6a3a7724ae8f2269"}, {"name": "https://jira.xwiki.org/browse/XWIKI-21416", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.xwiki.org/browse/XWIKI-21416"}]}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-31986", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-04-08T13:48:37.490Z", "datePublished": "2024-04-10T20:27:29.600Z", "dateUpdated": "2024-07-19T21:06:21.946Z"}, "containers": {"cna": {"title": "XWiki Platform CSRF remote code execution through scheduler job's document reference", "problemTypes": [{"descriptions": [{"cweId": "CWE-352", "lang": "en", "description": "CWE-352: Cross-Site Request Forgery (CSRF)", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-95", "lang": "en", "description": "CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-37m4-hqxv-w26g", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-37m4-hqxv-w26g"}, {"name": "https://github.com/xwiki/xwiki-platform/commit/8a92cb4bef7e5f244ae81eed3e64fe9be95827cf", "tags": ["x_refsource_MISC"], "url": "https://github.com/xwiki/xwiki-platform/commit/8a92cb4bef7e5f244ae81eed3e64fe9be95827cf"}, {"name": "https://github.com/xwiki/xwiki-platform/commit/efd3570f3e5e944ec0ad0899bf799bf9563aef87", "tags": ["x_refsource_MISC"], "url": "https://github.com/xwiki/xwiki-platform/commit/efd3570f3e5e944ec0ad0899bf799bf9563aef87"}, {"name": "https://github.com/xwiki/xwiki-platform/commit/f30d9c641750a3f034b5910c6a3a7724ae8f2269", "tags": ["x_refsource_MISC"], "url": "https://github.com/xwiki/xwiki-platform/commit/f30d9c641750a3f034b5910c6a3a7724ae8f2269"}, {"name": "https://jira.xwiki.org/browse/XWIKI-21416", "tags": ["x_refsource_MISC"], "url": "https://jira.xwiki.org/browse/XWIKI-21416"}], "affected": [{"vendor": "xwiki", "product": "xwiki-platform", "versions": [{"version": ">= 3.1, < 14.10.19", "status": "affected"}, {"version": ">= 15.0-rc-1, < 15.5.4", "status": "affected"}, {"version": ">= 15.6-rc-1, < 15.9", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-04-10T20:27:29.600Z"}, "descriptions": [{"lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a special crafted documented reference and an `XWiki.SchedulerJobClass` XObject, it is possible to execute arbitrary code on the server whenever an admin visits the scheduler page or the scheduler page is referenced, e.g., via an image in a comment on a page in the wiki. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, apply the patch manually by modifying the `Scheduler.WebHome` page."}], "source": {"advisory": "GHSA-37m4-hqxv-w26g", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-31986", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-07-19T14:43:39.388902Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:xwiki:xwiki:3.1:-:*:*:*:*:*:*"], "vendor": "xwiki", "product": "xwiki", "versions": [{"status": "affected", "version": "3.1", "lessThan": "14.10.19", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:xwiki:xwiki:15.0:rc1:*:*:*:*:*:*"], "vendor": "xwiki", "product": "xwiki", "versions": [{"status": "affected", "version": "15.0", "lessThan": "15.5.4", "versionType": "custom"}], "defaultStatus": "unknown"}, {"cpes": ["cpe:2.3:a:xwiki:xwiki:15.6:rc1:*:*:*:*:*:*"], "vendor": "xwiki", "product": "xwiki", "versions": [{"status": "affected", "version": "15.6", "lessThan": "15.9", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-19T15:18:59.326Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a special crafted documented reference and an `XWiki.SchedulerJobClass` XObject, it is possible to execute arbitrary code on the server whenever an admin visits the scheduler page or the scheduler page is referenced, e.g., via an image in a comment on a page in the wiki. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, apply the patch manually by modifying the `Scheduler.WebHome` page."}, {"lang": "es", "value": "XWiki Platform es una plataforma wiki gen\u00e9rica. A partir de la versi\u00f3n 3.1 y anteriores a las versiones 4.10.19, 15.5.4 y 15.10-rc-1, al crear un documento con una referencia documentada especialmente manipulada y un XObject `XWiki.SchedulerJobClass`, es posible ejecutar c\u00f3digo arbitrario en el servidor cada vez que un administrador visita la p\u00e1gina del programador o se hace referencia a la p\u00e1gina del programador, por ejemplo, a trav\u00e9s de una imagen en un comentario en una p\u00e1gina de la wiki. La vulnerabilidad se solucion\u00f3 en XWiki 14.10.19, 15.5.5 y 15.9. Como workaround, aplique el parche manualmente modificando la p\u00e1gina `Scheduler.WebHome`."}], "id": "CVE-2024-31986", "lastModified": "2024-04-11T12:47:44.137", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-04-10T21:15:06.917", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/xwiki/xwiki-platform/commit/8a92cb4bef7e5f244ae81eed3e64fe9be95827cf"}, {"source": "security-advisories@github.com", "url": "https://github.com/xwiki/xwiki-platform/commit/efd3570f3e5e944ec0ad0899bf799bf9563aef87"}, {"source": "security-advisories@github.com", "url": "https://github.com/xwiki/xwiki-platform/commit/f30d9c641750a3f034b5910c6a3a7724ae8f2269"}, {"source": "security-advisories@github.com", "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-37m4-hqxv-w26g"}, {"source": "security-advisories@github.com", "url": "https://jira.xwiki.org/browse/XWIKI-21416"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-352"}, {"lang": "en", "value": "CWE-95"}], "source": "security-advisories@github.com", "type": "Secondary"}]}