Loading HuntDB...
Hunt
Vulnerability Intelligence by wss.sh
Home Daily Briefings High Impact CVEs Recent Exploits KEV Catalog GitHub Advisories Latest Updates Security News
Sign In Sign Up

CVE-2024-31986

CRITICAL
Published 2024-04-10T20:27:29.600Z
Actions:

Expert Analysis

Professional remediation guidance

Get tailored security recommendations from our analyst team for CVE-2024-31986. We'll provide specific mitigation strategies based on your environment and risk profile.

CVSS Score

V3.1
9.1
/10
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H
Base Score Metrics
Exploitability: N/A Impact: N/A

EPSS Score

v2025.03.14
0.083
probability
of exploitation in the wild

There is a 8.3% chance that this vulnerability will be exploited in the wild within the next 30 days.

Updated: 2025-06-25
Exploit Probability
Percentile: 0.918
Higher than 91.8% of all CVEs

Attack Vector Metrics

Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
CHANGED

Impact Metrics

Confidentiality
HIGH
Integrity
HIGH
Availability
HIGH

Description

XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, by creating a document with a special crafted documented reference and an `XWiki.SchedulerJobClass` XObject, it is possible to execute arbitrary code on the server whenever an admin visits the scheduler page or the scheduler page is referenced, e.g., via an image in a comment on a page in the wiki. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, apply the patch manually by modifying the `Scheduler.WebHome` page.

Available Exploits

No exploits available for this CVE.

Related News

No news articles found for this CVE.

Affected Products

xwiki

xwiki-platform

Affected Versions:

>= 3.1, < 14.10.19 >= 15.0-rc-1, < 15.5.4 >= 15.6-rc-1, < 15.9
xwiki

xwiki

Affected Versions:

3.1
xwiki

xwiki

Affected Versions:

15.0
xwiki

xwiki

Affected Versions:

15.6

GitHub Security Advisories

Community-driven vulnerability intelligence from GitHub

✓ GitHub Reviewed CRITICAL

XWiki Platform CSRF remote code execution through scheduler job's document reference

GHSA-37m4-hqxv-w26g

Advisory Details

### Impact By creating a document with a special crafted documented reference and an `XWiki.SchedulerJobClass` XObject, it is possible to execute arbitrary code on the server whenever an admin visits the scheduler page or the scheduler page is referenced, e.g., via an image in a comment on a page in the wiki. To reproduce on an XWiki installation, click on this link to create a new document : `<xwiki-host>/xwiki/bin/view/%22%3E%5D%5D%7B%7B%2Fhtml%7D%7D%7B%7Basync%20context%3D%22request/parameters%22%7D%7D%7B%7Bvelocity%7D%7D%23evaluate%28%24request/eval%29/`. Then, add to this document an object of type `XWiki.SchedulerJobClass`. Finally, as an admin, go to `<xwiki-host>/xwiki/bin/view/Scheduler/?eval=$services.logging.getLogger(%22attacker%22).error(%22Hello%20from%20URL%20Parameter!%20I%20got%20programming:%20$services.security.authorization.hasAccess(%27programming%27)%22)`. If the logs contain `ERROR attacker - Hello from URL Parameter! I got programming: true`, the installation is vulnerable. ### Patches The vulnerability has been fixed on XWiki 14.10.19, 15.5.5, and 15.9. ### Workarounds Modify the Scheduler.WebHome page following this [patch](https://github.com/xwiki/xwiki-platform/commit/f16ca4ef1513f84ce2e685d4a05d689bd3a2ab4c#diff-1e2995eacccbbbdcc4987ff64f46ac74837d166cf9e92920b4a4f8af0f10bd47). ### References - https://jira.xwiki.org/browse/XWIKI-21416 - https://github.com/xwiki/xwiki-platform/commit/f16ca4ef1513f84ce2e685d4a05d689bd3a2ab4c

Affected Packages

Maven org.xwiki.platform:xwiki-platform-scheduler-ui
ECOSYSTEM: ≥3.1 <14.10.19
Maven org.xwiki.platform:xwiki-platform-scheduler-ui
ECOSYSTEM: ≥15.0-rc-1 <15.5.4
Maven org.xwiki.platform:xwiki-platform-scheduler-ui
ECOSYSTEM: ≥15.6-rc-1 <15.9

CVSS Scoring

CVSS Score

9.0

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H

References

WEB https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-37m4-hqxv-w26g
ADVISORY https://nvd.nist.gov/vuln/detail/CVE-2024-31986
WEB https://github.com/xwiki/xwiki-platform/commit/8a92cb4bef7e5f244ae81eed3e64fe9be95827cf
WEB https://github.com/xwiki/xwiki-platform/commit/efd3570f3e5e944ec0ad0899bf799bf9563aef87
WEB https://github.com/xwiki/xwiki-platform/commit/f30d9c641750a3f034b5910c6a3a7724ae8f2269
PACKAGE https://github.com/xwiki/xwiki-platform
WEB https://jira.xwiki.org/browse/XWIKI-21416

Advisory provided by GitHub Security Advisory Database. Published: April 10, 2024, Modified: April 10, 2024

References

https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-37m4-hqxv-w26g
https://github.com/xwiki/xwiki-platform/commit/8a92cb4bef7e5f244ae81eed3e64fe9be95827cf
https://github.com/xwiki/xwiki-platform/commit/efd3570f3e5e944ec0ad0899bf799bf9563aef87
https://github.com/xwiki/xwiki-platform/commit/f30d9c641750a3f034b5910c6a3a7724ae8f2269
https://jira.xwiki.org/browse/XWIKI-21416
Published: 2024-04-10T20:27:29.600Z
Last Modified: 2024-08-02T01:59:50.842Z
Copied to clipboard!