CVSS 3.1 Score 5.4 of 10 (medium)


Published Apr 10, 2024
Updated: Apr 11, 2024
CWE ID 352


CVE-2024-31985 is a cross-site request forgery (CWE-352) vulnerability in XWiki Platform, a generic wiki platform. Versions 3.1 and prior to 4.10.20, 15.5.4, and 15.10-rc-1 are affected. Existing jobs can be scheduled, triggered, or unscheduled when an admin visits the Job Scheduler page through a predictable URL, and such a URL can be embedded in any content as an image, so the request is made without the admin intending it. The issue has been resolved in XWiki versions 14.10.19, 15.5.5, and 15.9. As a workaround, the patch can be applied manually by modifying the Scheduler.WebHome page.

The vulnerability has a base severity of MEDIUM, with low integrity impact and no confidentiality impact. Exploitation is over the network and requires user interaction.
