CVE-2024-31984

CVSS 3.1 Score 9.9 of 10 (high)

Details

Published Apr 10, 2024
Updated: Apr 11, 2024
CWE ID 95

Summary

CVE-2024-31984 is a critical vulnerability in XWiki Platform, affecting versions prior to 4.10.20, 15.5.4, and 15.10-rc-1. By creating a document with a specially crafted title, an attacker can exploit this vulnerability to trigger remote code execution in the Solr-based search feature of XWiki. This allows any user with the ability to edit the title of a space to execute arbitrary Groovy code, compromising the confidentiality, integrity, and availability of the entire XWiki installation. The vulnerability has been patched in versions 14.10.20, 15.5.4, and 15.10 RC1, but as a workaround, users can manually apply the patch to the Main.SolrSpaceFacet page. The severity of this vulnerability is rated as critical with a base score of 9.9 according to CVSS v3.1 standards.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2024-31984 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options