
We found results for “”
CVE-2024-55879
Good to know:

Date: December 12, 2024
XWiki Platform is a generic wiki platform. Starting in version 2.3 and prior to versions 15.10.9, 16.3.0, any user with script rights can perform arbitrary remote code execution by adding instances of "XWiki.ConfigurableClass" to any page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.9 and 16.3.0. No known workarounds are available except upgrading.
Language: Java
Severity Score
Related Resources (7)
Severity Score
Weakness Type (CWE)
Missing Authorization
CWE-862Top Fix

Upgrade Version
Upgrade to version org.xwiki.platform:xwiki-platform-administration-ui:15.10.9;org.xwiki.platform:xwiki-platform-administration-ui:16.3.0
CVSS v3.1
Base Score: |
|
---|---|
Attack Vector (AV): | NETWORK |
Attack Complexity (AC): | LOW |
Privileges Required (PR): | HIGH |
User Interaction (UI): | NONE |
Scope (S): | CHANGED |
Confidentiality (C): | HIGH |
Integrity (I): | HIGH |
Availability (A): | HIGH |