CVE-2024-31987 — CRITICAL (9.9)

Q: How severe is CVE-2024-31987?

CVE-2024-31987 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.

Q: Is there a patch for CVE-2024-31987?

Check the references section above for vendor advisories and patch information. Affected products include: Xwiki Xwiki.

Vulnerability Description

XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any user who can edit any page like their profile can create a custom skin with a template override that is executed with programming right, thus allowing remote code execution. This has been patched in XWiki 14.10.19, 15.5.4 and 15.10RC1. No known workarounds are available except for upgrading.

CVSS Score

9.9

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Xwiki	Xwiki	>= 6.4, < 14.10.19

Related Weaknesses (CWE)

CWE-862

References

FAQ

What is CVE-2024-31987?

CVE-2024-31987 is a vulnerability with a CVSS score of 9.9 (CRITICAL). XWiki Platform is a generic wiki platform. Starting in version 6.4-milestone-1 and prior to versions 4.10.19, 15.5.4, and 15.10-rc-1, any user who can edit any page like their profile can create a cus...

How severe is CVE-2024-31987?

CVE-2024-31987 has been rated CRITICAL with a CVSS base score of 9.9/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2024-31987?

Check the references section above for vendor advisories and patch information. Affected products include: Xwiki Xwiki.