Description

XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instances where `Extension Repository Application` is installed, any user can execute any code requiring `programming` rights on the server. This vulnerability has been fixed in XWiki 15.10.9 and 16.3.0. Since `Extension Repository Application` is not mandatory, it can be safely disabled on instances that do not use it as a workaround. It is also possible to manually apply the patches from commit 8659f17d500522bf33595e402391592a35a162e8 to the page `ExtensionCode.ExtensionSheet` and to the page `ExtensionCode.ExtensionAuthorsDisplayer`.

INFO

Published Date :

2024-12-12T17:25:26.297Z

Last Modified :

2024-12-13T14:59:39.724Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-55662 vulnerability.

Vendors Products
Xwiki
  • Xwiki
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-55662.

URL Resource
https://github.com/xwiki/xwiki-platform/commit/8659f17d500522bf33595e402391592a35a162e8 cve-icon cve-icon
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j2pq-22jj-4pm5 cve-icon cve-icon
https://jira.xwiki.org/browse/XWIKI-21890 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact