Warning: A Critical Vulnerability Affects XWiki Platform
CVE-2024-37899: CVSS 9.1 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)
Sources
https://jira.xwiki.org/browse/XWIKI-21611
Risks
Description
CVE-2024-37899: Remote Command Execution (RCE)
When an XWiki administrator disables a user account, the user's profile is executed with the administrator's rights.
An attacker can place malicious code in the “about” section of their own user profile and then ask an administrator to disable the account; the malicious code executes, with the administrator's rights, when the account is disabled.
Recommended Actions
Patch
The Centre for Cybersecurity Belgium strongly recommends installing updates for any of the vulnerable software mentioned in the present advisory.
The vulnerability is patched in the following versions of XWiki:
16.0.0, 15.5.5, 15.10.6, 14.10.21
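The fixed-version list above spans several XWiki maintenance branches, so a plain "is my version newer than X" comparison gives wrong answers (15.7.x is newer than 15.5.5 yet unpatched). The script below is an added example, not CERT.be's or XWiki's code, for checking an inventory of installed versions against the list. It assumes that the highest listed release (16.0.0) is the mainline fix, so every version at or above it carries the patch, and that the other listed releases are backports to their own maintenance branch (same major.minor), so a version on such a branch is patched only from that release onward; versions on branches with no listed fix (for example 15.7.x or 13.x) are reported as affected. Pre-release suffixes such as -rc-1 are treated as older than the final release of the same number.

```python
"""
Check installed XWiki versions against the fixed releases for CVE-2024-37899.

Added example (not CERT.be's or XWiki's code). Assumptions, as stated in the
lead-in: the highest listed release is the mainline fix; the others are
backports to their own major.minor branch; branches without a listed fix
are reported as affected.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

# Fixed releases from the advisory.
FIXED_VERSIONS = ("16.0.0", "15.5.5", "15.10.6", "14.10.21")


class Version(NamedTuple):
    numbers: Tuple[int, ...]  # (major, minor, patch)
    final: int                # 1 = final release, 0 = pre-release (e.g. -rc-1)

    @property
    def branch(self) -> Tuple[int, ...]:
        return self.numbers[:2]


def parse_version(text: str) -> Version:
    """Parse '15.10.6' or '16.0.0-rc-1'; pre-releases sort before the final."""
    m = re.fullmatch(r"(\d+(?:\.\d+)*)(?:-(.+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised XWiki version: {text!r}")
    numbers = tuple(int(p) for p in m.group(1).split("."))
    numbers += (0,) * (3 - len(numbers))  # '15.10' -> 15.10.0
    return Version(numbers, 0 if m.group(2) else 1)


def _fixes() -> List[Tuple[Version, str]]:
    # Sorted ascending; the last entry is treated as the mainline fix.
    return sorted((parse_version(f), f) for f in FIXED_VERSIONS)


def is_patched(installed: str) -> bool:
    v = parse_version(installed)
    fixes = _fixes()
    mainline, _ = fixes[-1]
    if v >= mainline:
        return True
    # Backport branches: patched only from the branch's fixed release onward.
    return any(v.branch == f.branch and v >= f for f, _ in fixes[:-1])


def recommended_upgrade(installed: str) -> Optional[str]:
    """Nearest fixed release for an affected version, None if already patched."""
    if is_patched(installed):
        return None
    v = parse_version(installed)
    fixes = _fixes()
    for f, name in fixes:          # prefer a fix on the same branch
        if f.branch == v.branch and f > v:
            return name
    for f, name in fixes:          # otherwise the next fixed release up
        if f > v:
            return name
    return None


if __name__ == "__main__":
    # Constructed sample inventory; host names and versions are made up.
    inventory = [("wiki-a", "15.10.5"), ("wiki-b", "15.5.5"),
                 ("wiki-c", "16.0.0-rc-1"), ("wiki-d", "14.4.8")]
    for host, ver in inventory:
        if is_patched(ver):
            print(f"{host}: XWiki {ver}: patched")
        else:
            print(f"{host}: XWiki {ver}: AFFECTED, upgrade to {recommended_upgrade(ver)}")
```

Feed it the version string from each instance's administration page or deployment manifest; an "AFFECTED" result on any branch without a listed fix means moving to the next maintenance branch rather than waiting for a point release.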
Monitor/Detect
The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.
In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident
While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.