CVE-2024-31981

CVSS 3.1 Score 9.9 of 10 (high)

Details

Published: Apr 10, 2024
Updated: Apr 11, 2024
CWE ID: 862

Summary

CVE-2024-31981 is a vulnerability in XWiki Platform, a generic wiki platform. Versions 3.0.1 and earlier are affected; versions 4.10.20, 15.5.4, and 15.10-rc-1 have been patched. The vulnerability allows remote code execution through PDF export templates. Organizations can remediate it by upgrading to a patched version. Alternatively, if PDF templates are not typically used on the instance, they can create a document called XWiki.PDFClass, ensure it does not contain a style attribute, and block editing of it. The potential danger of this vulnerability is high: its base severity is CRITICAL, and the impacts to integrity and confidentiality are both high.
