
Warning: A Critical Vulnerability Affects XWiki Platform

Reference: Advisory #2024-94
Version: 1.0
Affected software: XWiki Platform versions >= 13.4.7 and < 13.5; >= 13.10.3 and < 14.10.21; >= 15.0-rc-1 and < 15.5.5; >= 15.6-rc-1 and < 15.10; >= 16.0.0-rc-1 and < 16.0.0
Type: Remote Code Execution (RCE)
CVE/CVSS: CVE-2024-37899: CVSS 9.1 (CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H)

Sources

https://jira.xwiki.org/browse/XWIKI-21611

Risks

XWiki is a development platform that allows users to customize wiki pages to their specific needs.

The present remote code execution vulnerability has a HIGH impact on Confidentiality, Integrity and Availability.

Description

CVE-2024-37899: Remote Code Execution (RCE)

When an XWiki administrator disables a user account, the content of that user's profile is rendered with the administrator's rights.

An attacker can place malicious code in the "about" section of their own user profile and then ask an administrator to disable the account, which causes the malicious code to execute with the administrator's privileges.
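As an added illustration (not part of the CCB advisory or of XWiki's own code), the following Python check scans the wiki-syntax text of users' "about" fields for script-capable macros, so that an administrator of a not-yet-patched instance can review an account before disabling it. The macro list, the macro-syntax handling and the sample profiles are assumptions constructed for this example.

```python
import re

# XWiki rendering macros that run server-side script, or that wrap content
# which may do so. A macro from this set in a user's "about" text warrants
# review before an administrator disables the account.
# (Assumption: illustrative list, not XWiki's authoritative catalogue.)
SCRIPT_MACROS = {"groovy", "python", "velocity", "script", "async", "cache"}

# Opening tag of an XWiki 2.x macro: {{name param="..."}} or {{name/}}.
# Closing tags ({{/name}}) do not match because "/" is not a letter.
MACRO_RE = re.compile(r"\{\{\s*([A-Za-z][\w-]*)\b[^}]*\}\}")

# {{{ ... }}} verbatim blocks are shown literally, so macros inside them
# are never executed; they are stripped before scanning.
VERBATIM_RE = re.compile(r"\{\{\{.*?\}\}\}", re.DOTALL)


def find_script_macros(about_text: str) -> list[str]:
    """Return the lower-cased names, in order of appearance, of script-capable
    macros that would execute when this wiki text is rendered."""
    live_text = VERBATIM_RE.sub("", about_text)
    return [
        m.group(1).lower()
        for m in MACRO_RE.finditer(live_text)
        if m.group(1).lower() in SCRIPT_MACROS
    ]


def accounts_to_review(profiles: dict[str, str]) -> dict[str, list[str]]:
    """Given {user_id: about_text}, return only the users whose profile text
    contains script-capable macros, mapped to the macro names found."""
    return {
        user: macros
        for user, text in profiles.items()
        if (macros := find_script_macros(text))
    }


# Constructed sample profiles (not real XWiki data).
SAMPLE_PROFILES = {
    "alice": "Backend developer. Likes tea.",
    "bob": "{{{ {{groovy}} shown verbatim, not run {{/groovy}} }}}",
    "carol": "{{info}}Contact me on the intranet{{/info}}",
    "dave": '{{groovy}}println "hello"{{/groovy}}',
}

if __name__ == "__main__":
    for user, macros in accounts_to_review(SAMPLE_PROFILES).items():
        print(f"review before disabling: {user} (macros: {', '.join(macros)})")
```

Macro names are compared case-insensitively, and nested wrappers such as {{async}} around {{python}} are reported as both names.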

Recommended Actions

Patch

The Centre for Cybersecurity Belgium strongly recommends installing updates for any of the vulnerable software mentioned in the present advisory.

The vulnerability is patched in the following versions of XWiki:
16.0.0
15.5.5
15.10.6
14.10.21

Monitor/Detect

The CCB recommends that organizations scale up their monitoring and detection capabilities to identify any related suspicious activity, ensuring a swift response in case of an intrusion.

In case of an intrusion, you can report an incident via: https://cert.be/en/report-incident

While patching appliances or software to the newest version may provide safety from future exploitation, it does not remediate historic compromise.

References

https://github.com/advisories/GHSA-j584-j2vj-3f93