← back
CVE-2024-31984

XWiki Platform: Remote code execution through space title and Solr space facet

CVSS 10 CRITICALEPSS 83.0%CWE-95
In short

A flaw in XWiki allows any user to run malicious code by editing a space's title, which is accessible to all users by default. This gives attackers complete control over the entire XWiki installation.

Technical detail

CWE-95 (improper neutralization of directives in dynamically evaluated code) in XWiki's Solr search facet allows remote code execution via specially crafted space titles. The vulnerability affects versions 7.2-rc-1 through 15.10-rc-1 (excluding patched versions), requires only space title edit permissions (default for all users), and permits arbitrary Groovy code execution with full system privileges.

Summary generated and translated by AI from the official description.
XWiki Platform is a generic wiki platform. Starting in version 7.2-rc-1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, by creating a document with a specially crafted title, it is possible to trigger remote code execution in the (Solr-based) search in XWiki. This allows any user who can edit the title of a space (all users by default) to execute any Groovy code in the XWiki installation which compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10 RC1. As a workaround, manually apply the patch to the `Main.SolrSpaceFacet` page.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected products
xwiki · xwiki-platform

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/xwiki/xwiki-platform/commit/43c9d551e3c11e9d8f176b556dd33bbe31fc66e0https://github.com/xwiki/xwiki-platform/commit/5ef9d294d37be92ee22b2549e38663b29dce8767https://github.com/xwiki/xwiki-platform/commit/74e301c481e69eeea674dac7fed6af3614cf08c5https://github.com/xwiki/xwiki-platform/commit/94fc12db87c2431eb1335ecb9c2954b1905bde62https://github.com/xwiki/xwiki-platform/commit/acba74c149a041345b24dcca52c586f872ba97fbhttps://github.com/xwiki/xwiki-platform/commit/ef55105d6eeec5635fd693f0070c5aaaf3bdd940https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xm4h-3jxr-m3c6https://jira.xwiki.org/browse/XWIKI-21471