CVE-2024-55879

Published Dec 12, 2024

Last updated 2 months ago

CVSS critical 9.1

Overview

Description
XWiki Platform is a generic wiki platform. Starting in version 2.3 and prior to versions 15.10.9, 16.3.0, any user with script rights can perform arbitrary remote code execution by adding instances of `XWiki.ConfigurableClass` to any page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This has been patched in XWiki 15.10.9 and 16.3.0. No known workarounds are available except upgrading.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
9.1
Impact score
6
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Severity
CRITICAL

Weaknesses

security-advisories@github.com
CWE-862

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. 🌐 EQST Insight - Research & Technique ✨ Title - XWiki Remote Code Execution Vulnerability (CVE-2024-55879) 💡details https://t.co/l2Ir6DVSNE 💡summary - On December 12, 2024, a remote code execution vulnerability of XWiki(CVE-2024-55879) was publicly disclosed. - This…

    @EQSTLab

    26 Feb 2025

    48 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  2. CVE-2024-55879 XWiki Platform is a generic wiki platform. Starting in version 2.3 and prior to versions 15.10.9, 16.3.0, any user with script rights can perform arbitrary remote cod… https://t.co/orUPcJjrch

    @CVEnew

    13 Dec 2024

    216 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  3. CVE-2024-55879 Arbitrary Remote Code Execution in XWiki Platform Pre-16.3.0 https://t.co/VrKR5l04hz Customizable Vulnerability Alerts: https://t.co/U7998fz7yk

    @VulmonFeeds

    13 Dec 2024

    20 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

  4. [CVE-2024-55879: CRITICAL] Security alert: XWiki Platform vulnerability found! Upgrade to versions 15.10.9 or 16.3.0 immediately to prevent remote code execution risks. Confirmed by developers, no workarounds ava...#cybersecurity,#vulnerability https://t.co/Sc3NrjmRV0 https://t.c

    @CveFindCom

    12 Dec 2024

    11 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References