CVE-2024-37899 (GCVE-0-2024-37899)
Vulnerability from cvelistv5 – Published: 2024-06-20 22:13 – Updated: 2024-08-13 13:51
VLAI?
Title
Disabling a user account changes its author, allowing RCE from user account in XWiki
Summary
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user account, the user's profile is executed with the admin's rights. This allows a user to place malicious code in the user profile before getting an admin to disable the user account. To reproduce, as a user without script nor programming rights, edit the about section of your user profile and add `{{groovy}}services.logging.getLogger("attacker").error("Hello from Groovy!"){{/groovy}}`.
As an admin, go to the user profile and click the "Disable this account" button. Then, reload the page. If the logs show `attacker - Hello from Groovy!` then the instance is vulnerable. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
### Workarounds
We're not aware of any workaround except upgrading.
### References
* https://jira.xwiki.org/browse/XWIKI-21611
* https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a
Severity ?
9.1 (Critical)
CWE
- CWE-94 - Improper Control of Generation of Code ('Code Injection')
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| xwiki | xwiki-platform |
Affected:
>= 13.4.7, <= 13.5
Affected: >= 13.10.3, < 14.10.21 Affected: >= 15.0-rc-1, < 15.5.5 Affected: >= 15.6-rc-1, < 15.10.6 Affected: >= 16.0.0-rc-1, < 16.0.0 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "xwiki",
"vendor": "xwiki",
"versions": [
{
"lessThanOrEqual": "13.5",
"status": "affected",
"version": "13.4.7",
"versionType": "custom"
},
{
"lessThanOrEqual": "14.10.21",
"status": "affected",
"version": "13.10.3",
"versionType": "custom"
},
{
"lessThan": "15.5.5",
"status": "affected",
"version": "15.0-rc-1",
"versionType": "custom"
},
{
"lessThan": "15.10.6",
"status": "affected",
"version": "15.6-rc-1,",
"versionType": "custom"
},
{
"lessThan": "16.0.0",
"status": "affected",
"version": "16.0.0-rc-1,",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-37899",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-27T18:36:25.554418Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-08-13T13:51:01.754Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:04:23.403Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-21611",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://jira.xwiki.org/browse/XWIKI-21611"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "xwiki-platform",
"vendor": "xwiki",
"versions": [
{
"status": "affected",
"version": "\u003e= 13.4.7, \u003c= 13.5"
},
{
"status": "affected",
"version": "\u003e= 13.10.3, \u003c 14.10.21"
},
{
"status": "affected",
"version": "\u003e= 15.0-rc-1, \u003c 15.5.5"
},
{
"status": "affected",
"version": "\u003e= 15.6-rc-1, \u003c 15.10.6"
},
{
"status": "affected",
"version": "\u003e= 16.0.0-rc-1, \u003c 16.0.0"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user account, the user\u0027s profile is executed with the admin\u0027s rights. This allows a user to place malicious code in the user profile before getting an admin to disable the user account. To reproduce, as a user without script nor programming rights, edit the about section of your user profile and add `{{groovy}}services.logging.getLogger(\"attacker\").error(\"Hello from Groovy!\"){{/groovy}}`.\nAs an admin, go to the user profile and click the \"Disable this account\" button. Then, reload the page. If the logs show `attacker - Hello from Groovy!` then the instance is vulnerable. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n### Workarounds\nWe\u0027re not aware of any workaround except upgrading.\n\n### References\n* https://jira.xwiki.org/browse/XWIKI-21611\n* https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.1,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-94",
"description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-06-20T22:13:59.450Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93"
},
{
"name": "https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a"
},
{
"name": "https://jira.xwiki.org/browse/XWIKI-21611",
"tags": [
"x_refsource_MISC"
],
"url": "https://jira.xwiki.org/browse/XWIKI-21611"
}
],
"source": {
"advisory": "GHSA-j584-j2vj-3f93",
"discovery": "UNKNOWN"
},
"title": "Disabling a user account changes its author, allowing RCE from user account in XWiki"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-37899",
"datePublished": "2024-06-20T22:13:59.450Z",
"dateReserved": "2024-06-10T19:54:41.362Z",
"dateUpdated": "2024-08-13T13:51:01.754Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"descriptions": "[{\"lang\": \"en\", \"value\": \"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user account, the user\u0027s profile is executed with the admin\u0027s rights. This allows a user to place malicious code in the user profile before getting an admin to disable the user account. To reproduce, as a user without script nor programming rights, edit the about section of your user profile and add `{{groovy}}services.logging.getLogger(\\\"attacker\\\").error(\\\"Hello from Groovy!\\\"){{/groovy}}`.\\nAs an admin, go to the user profile and click the \\\"Disable this account\\\" button. Then, reload the page. If the logs show `attacker - Hello from Groovy!` then the instance is vulnerable. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.\\n\\n### Workarounds\\nWe\u0027re not aware of any workaround except upgrading.\\n\\n### References\\n* https://jira.xwiki.org/browse/XWIKI-21611\\n* https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a\\n\"}, {\"lang\": \"es\", \"value\": \"XWiki Platform es una plataforma wiki gen\\u00e9rica que ofrece servicios de ejecuci\\u00f3n para aplicaciones creadas sobre ella. Cuando un administrador desactiva una cuenta de usuario, el perfil del usuario se ejecuta con los derechos de administrador. Esto permite a un usuario colocar c\\u00f3digo malicioso en el perfil de usuario antes de que un administrador desactive la cuenta de usuario. Para reproducir, como usuario sin script ni derechos de programaci\\u00f3n, edite la secci\\u00f3n Acerca de de su perfil de usuario y agregue `{{groovy}}services.logging.getLogger(\\\"attacker\\\").error(\\\"Hello from Groovy!\\\"){{ /maravilloso}}`. Como administrador, vaya al perfil de usuario y haga clic en el bot\\u00f3n \\\"Desactivar esta cuenta\\\". Luego, recarga la p\\u00e1gina. Si los registros muestran \\\"atacante - \\u00a1Hola desde Groovy!\\\", entonces la instancia es vulnerable. Esto ha sido parcheado en XWiki 14.10.21, 15.5.5, 15.10.6 y 16.0.0. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad. ### Workarounds no conocemos ning\\u00fan workarounds excepto la actualizaci\\u00f3n. ### Referencias * https://jira.xwiki.org/browse/XWIKI-21611 * https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a\"}]",
"id": "CVE-2024-37899",
"lastModified": "2024-11-21T09:24:29.807",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\", \"baseScore\": 9.0, \"baseSeverity\": \"CRITICAL\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"REQUIRED\", \"scope\": \"CHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.3, \"impactScore\": 6.0}]}",
"published": "2024-06-20T23:15:52.460",
"references": "[{\"url\": \"https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://jira.xwiki.org/browse/XWIKI-21611\", \"source\": \"security-advisories@github.com\"}, {\"url\": \"https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://jira.xwiki.org/browse/XWIKI-21611\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
"sourceIdentifier": "security-advisories@github.com",
"vulnStatus": "Undergoing Analysis",
"weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-94\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2024-37899\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2024-06-20T23:15:52.460\",\"lastModified\":\"2025-02-05T16:01:02.763\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user account, the user\u0027s profile is executed with the admin\u0027s rights. This allows a user to place malicious code in the user profile before getting an admin to disable the user account. To reproduce, as a user without script nor programming rights, edit the about section of your user profile and add `{{groovy}}services.logging.getLogger(\\\"attacker\\\").error(\\\"Hello from Groovy!\\\"){{/groovy}}`.\\nAs an admin, go to the user profile and click the \\\"Disable this account\\\" button. Then, reload the page. If the logs show `attacker - Hello from Groovy!` then the instance is vulnerable. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.\\n\\n### Workarounds\\nWe\u0027re not aware of any workaround except upgrading.\\n\\n### References\\n* https://jira.xwiki.org/browse/XWIKI-21611\\n* https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a\\n\"},{\"lang\":\"es\",\"value\":\"XWiki Platform es una plataforma wiki gen\u00e9rica que ofrece servicios de ejecuci\u00f3n para aplicaciones creadas sobre ella. Cuando un administrador desactiva una cuenta de usuario, el perfil del usuario se ejecuta con los derechos de administrador. Esto permite a un usuario colocar c\u00f3digo malicioso en el perfil de usuario antes de que un administrador desactive la cuenta de usuario. Para reproducir, como usuario sin script ni derechos de programaci\u00f3n, edite la secci\u00f3n Acerca de de su perfil de usuario y agregue `{{groovy}}services.logging.getLogger(\\\"attacker\\\").error(\\\"Hello from Groovy!\\\"){{ /maravilloso}}`. Como administrador, vaya al perfil de usuario y haga clic en el bot\u00f3n \\\"Desactivar esta cuenta\\\". Luego, recarga la p\u00e1gina. Si los registros muestran \\\"atacante - \u00a1Hola desde Groovy!\\\", entonces la instancia es vulnerable. Esto ha sido parcheado en XWiki 14.10.21, 15.5.5, 15.10.6 y 16.0.0. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad. ### Workarounds no conocemos ning\u00fan workarounds excepto la actualizaci\u00f3n. ### Referencias * https://jira.xwiki.org/browse/XWIKI-21611 * https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\",\"baseScore\":9.0,\"baseSeverity\":\"CRITICAL\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.3,\"impactScore\":6.0},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.0,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.1,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.10.3\",\"versionEndExcluding\":\"14.10.21\",\"matchCriteriaId\":\"C91B88B4-DC83-449D-95B0-DF1A76D37F54\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.0\",\"versionEndExcluding\":\"15.5.5\",\"matchCriteriaId\":\"CA7D00D6-D2DD-4678-A328-5C2A7E96FE48\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"15.6\",\"versionEndExcluding\":\"15.10.6\",\"matchCriteriaId\":\"CCB0588B-7F74-423B-9D36-4B8E4F1BA459\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:13.4.7:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"5069AD5C-1456-46D2-9193-2B10906D9B70\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:13.5:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"CAB28BF5-A7F3-4649-BC0F-648E8963038B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:xwiki:xwiki:16.0.0:rc1:*:*:*:*:*:*\",\"matchCriteriaId\":\"B1CD131A-4CDE-4465-BA81-77A93AFF784B\"}]}]}],\"references\":[{\"url\":\"https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jira.xwiki.org/browse/XWIKI-21611\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]},{\"url\":\"https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://jira.xwiki.org/browse/XWIKI-21611\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Exploit\",\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93\", \"name\": \"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a\", \"name\": \"https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://jira.xwiki.org/browse/XWIKI-21611\", \"name\": \"https://jira.xwiki.org/browse/XWIKI-21611\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T04:04:23.403Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2024-37899\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"poc\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2024-06-27T18:36:25.554418Z\"}}}], \"affected\": [{\"cpes\": [\"cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*\"], \"vendor\": \"xwiki\", \"product\": \"xwiki\", \"versions\": [{\"status\": \"affected\", \"version\": \"13.4.7\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"13.5\"}, {\"status\": \"affected\", \"version\": \"13.10.3\", \"versionType\": \"custom\", \"lessThanOrEqual\": \"14.10.21\"}, {\"status\": \"affected\", \"version\": \"15.0-rc-1\", \"lessThan\": \"15.5.5\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"15.6-rc-1,\", \"lessThan\": \"15.10.6\", \"versionType\": \"custom\"}, {\"status\": \"affected\", \"version\": \"16.0.0-rc-1,\", \"lessThan\": \"16.0.0\", \"versionType\": \"custom\"}], \"defaultStatus\": \"unknown\"}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2024-07-01T14:41:31.191Z\"}}], \"cna\": {\"title\": \"Disabling a user account changes its author, allowing RCE from user account in XWiki\", \"source\": {\"advisory\": \"GHSA-j584-j2vj-3f93\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"CHANGED\", \"version\": \"3.1\", \"baseScore\": 9.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"CRITICAL\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"REQUIRED\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}], \"affected\": [{\"vendor\": \"xwiki\", \"product\": \"xwiki-platform\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 13.4.7, \u003c= 13.5\"}, {\"status\": \"affected\", \"version\": \"\u003e= 13.10.3, \u003c 14.10.21\"}, {\"status\": \"affected\", \"version\": \"\u003e= 15.0-rc-1, \u003c 15.5.5\"}, {\"status\": \"affected\", \"version\": \"\u003e= 15.6-rc-1, \u003c 15.10.6\"}, {\"status\": \"affected\", \"version\": \"\u003e= 16.0.0-rc-1, \u003c 16.0.0\"}]}], \"references\": [{\"url\": \"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93\", \"name\": \"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a\", \"name\": \"https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://jira.xwiki.org/browse/XWIKI-21611\", \"name\": \"https://jira.xwiki.org/browse/XWIKI-21611\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user account, the user\u0027s profile is executed with the admin\u0027s rights. This allows a user to place malicious code in the user profile before getting an admin to disable the user account. To reproduce, as a user without script nor programming rights, edit the about section of your user profile and add `{{groovy}}services.logging.getLogger(\\\"attacker\\\").error(\\\"Hello from Groovy!\\\"){{/groovy}}`.\\nAs an admin, go to the user profile and click the \\\"Disable this account\\\" button. Then, reload the page. If the logs show `attacker - Hello from Groovy!` then the instance is vulnerable. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.\\n\\n### Workarounds\\nWe\u0027re not aware of any workaround except upgrading.\\n\\n### References\\n* https://jira.xwiki.org/browse/XWIKI-21611\\n* https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a\\n\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-94\", \"description\": \"CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2024-06-20T22:13:59.450Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2024-37899\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2024-08-13T13:51:01.754Z\", \"dateReserved\": \"2024-06-10T19:54:41.362Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2024-06-20T22:13:59.450Z\", \"assignerShortName\": \"GitHub_M\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…