CVE-2024-55876

CVSS 3.0 Score 5.4 of 10 (medium)

Details

Published Dec 12, 2024
Updated: Dec 13, 2024
CWE ID 862

Summary

CVE-2024-55876 is a vulnerability affecting the XWiki Platform, a popular wiki solution. Prior to versions 15.10.9 and 16.3.0, this vulnerability allowed any user on the main wiki to execute scheduling operations in subwikis without proper authorization. To exploit this, a user would only need to view the document "Scheduler.WebHome" in a subwiki and click on any operation, such as "Trigger," within a job. Successful execution of these operations indicates a vulnerable instance. The vulnerability has been addressed in versions 15.10.9 and 16.3.0. As a temporary solution, users with subwikis where the Job Scheduler is enabled can edit the related objects on "Scheduler.WebPreferences" to apply the patch.
