CVE Alert: CVE-2024-55662
Vulnerability Summary: CVE-2024-55662
XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instances where `Extension Repository Application` is installed, any user can execute any code requiring `programming` rights on the server. This vulnerability has been fixed in XWiki 15.10.9 and 16.3.0. Since `Extension Repository Application` is not mandatory, it can be safely disabled on instances that do not use it as a workaround. It is also possible to manually apply the patches from commit 8659f17d500522bf33595e402391592a35a162e8 to the page `ExtensionCode.ExtensionSheet` and to the page `ExtensionCode.ExtensionAuthorsDisplayer`.
Affected Endpoints:
No affected endpoints listed.
Published Date:
12/12/2024, 6:15:27 PM
💀 CVSS Score:
Exploit Status:
Not ExploitedReferences:
- https://github.com/xwiki/xwiki-platform/commit/8659f17d500522bf33595e402391592a35a162e8
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j2pq-22jj-4pm5
- https://jira.xwiki.org/browse/XWIKI-21890
Recommended Action:
No proposed action available. Please refer to vendor documentation for updates.
A considerable amount of time and effort goes into maintaining this website, creating backend automation and creating new features and content for you to make actionable intelligence decisions. Everyone that supports the site helps enable new functionality.
If you like the site, please support us on “Patreon” or “Buy Me A Coffee” using the buttons below
To keep up to date follow us on the below channels.
