Description

XWiki Platform is a generic wiki platform. Starting in version 1.2-milestone-2 and prior to versions 15.10.9 and 16.3.0, any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view the document `Scheduler.WebHome` in a subwiki. Then, click on any operation (*e.g.,* Trigger) on any job. If the operation is successful, then the instance is vulnerable. This has been patched in XWiki 15.10.9 and 16.3.0. As a workaround, those who have subwikis where the Job Scheduler is enabled can edit the objects on `Scheduler.WebPreferences` to match the patch.

INFO

Published Date :

2024-12-12T18:59:49.733Z

Last Modified :

2024-12-13T14:55:19.672Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-55876 vulnerability.

Vendors Products
Xwiki
  • Xwiki
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-55876.

URL Resource
https://github.com/xwiki/xwiki-platform/commit/54bcc5a7a2e440cc591b91eece9c13dc0c487331 cve-icon cve-icon
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-cwq6-mjmx-47p6 cve-icon cve-icon
https://jira.xwiki.org/browse/XWIKI-21663 cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact
Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact