CVE-2024-55876
CVSS 3.0 Score 5.4 of 10 (medium)
Details
Summary
CVE-2024-55876 is a vulnerability affecting the XWiki Platform, a popular wiki solution. Prior to versions 15.10.9 and 16.3.0, this vulnerability allowed any user on the main wiki to execute scheduling operations in subwikis without proper authorization. To exploit this, a user would only need to view the document "Scheduler.WebHome" in a subwiki and click on any operation, such as "Trigger," within a job. Successful execution of these operations indicates a vulnerable instance. The vulnerability has been addressed in versions 15.10.9 and 16.3.0. As a temporary solution, users with subwikis where the Job Scheduler is enabled can edit the related objects on "Scheduler.WebPreferences" to apply the patch.