XWiki Platform is a generic wiki platform. Starting in version 2.3 and prior to versions 15.10.9, 16.3.0, any user with script rights can perform arbitrary remote code execution by adding instances of `XWiki.ConfigurableClass` to any page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.9 and 16.3.0. No known workarounds are available except upgrading.
Metrics
Affected Vendors & Products
References
History
Fri, 13 Dec 2024 15:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
| |
Metrics |
ssvc
|
Thu, 12 Dec 2024 19:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | XWiki Platform is a generic wiki platform. Starting in version 2.3 and prior to versions 15.10.9, 16.3.0, any user with script rights can perform arbitrary remote code execution by adding instances of `XWiki.ConfigurableClass` to any page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.9 and 16.3.0. No known workarounds are available except upgrading. | |
Title | XWiki allows RCE from script right in configurable sections | |
Weaknesses | CWE-862 | |
References |
| |
Metrics |
cvssV3_1
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-12-12T19:17:38.138Z
Updated: 2024-12-13T14:54:21.161Z
Reserved: 2024-12-11T15:46:36.421Z
Link: CVE-2024-55879
Vulnrichment
Updated: 2024-12-13T14:50:10.938Z
NVD
Status : Received
Published: 2024-12-12T20:15:21.623
Modified: 2024-12-13T15:15:43.170
Link: CVE-2024-55879
Redhat
No data.