{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-37899", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-06-10T19:54:41.362Z", "datePublished": "2024-06-20T22:13:59.450Z", "dateUpdated": "2024-08-13T13:51:01.754Z"}, "containers": {"cna": {"title": "Disabling a user account changes its author, allowing RCE from user account in XWiki", "problemTypes": [{"descriptions": [{"cweId": "CWE-94", "lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}}], "references": [{"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93"}, {"name": "https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a", "tags": ["x_refsource_MISC"], "url": "https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a"}, {"name": "https://jira.xwiki.org/browse/XWIKI-21611", "tags": ["x_refsource_MISC"], "url": "https://jira.xwiki.org/browse/XWIKI-21611"}], "affected": [{"vendor": "xwiki", "product": "xwiki-platform", "versions": [{"version": ">= 13.4.7, <= 13.5", "status": "affected"}, {"version": ">= 13.10.3, < 14.10.21", "status": "affected"}, {"version": ">= 15.0-rc-1, < 15.5.5", "status": "affected"}, {"version": ">= 15.6-rc-1, < 15.10.6", "status": "affected"}, {"version": ">= 16.0.0-rc-1, < 16.0.0", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-20T22:13:59.450Z"}, "descriptions": [{"lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user account, the user's profile is executed with the admin's rights. This allows a user to place malicious code in the user profile before getting an admin to disable the user account. To reproduce, as a user without script nor programming rights, edit the about section of your user profile and add `{{groovy}}services.logging.getLogger(\"attacker\").error(\"Hello from Groovy!\"){{/groovy}}`.\nAs an admin, go to the user profile and click the \"Disable this account\" button. Then, reload the page. If the logs show `attacker - Hello from Groovy!` then the instance is vulnerable. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n### Workarounds\nWe're not aware of any workaround except upgrading.\n\n### References\n* https://jira.xwiki.org/browse/XWIKI-21611\n* https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a\n"}], "source": {"advisory": "GHSA-j584-j2vj-3f93", "discovery": "UNKNOWN"}}, "adp": [{"affected": [{"vendor": "xwiki", "product": "xwiki", "cpes": ["cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "13.4.7", "status": "affected", "lessThanOrEqual": "13.5", "versionType": "custom"}, {"version": "13.10.3", "status": "affected", "lessThanOrEqual": "14.10.21", "versionType": "custom"}, {"version": "15.0-rc-1", "status": "affected", "lessThan": "15.5.5", "versionType": "custom"}, {"version": "15.6-rc-1,", "status": "affected", "lessThan": "15.10.6", "versionType": "custom"}, {"version": "16.0.0-rc-1,", "status": "affected", "lessThan": "16.0.0", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-06-27T18:36:25.554418Z", "id": "CVE-2024-37899", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-08-13T13:51:01.754Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:04:23.403Z"}, "title": "CVE Program Container", "references": [{"name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93", "tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93"}, {"name": "https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a"}, {"name": "https://jira.xwiki.org/browse/XWIKI-21611", "tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.xwiki.org/browse/XWIKI-21611"}]}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93", "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a", "name": "https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://jira.xwiki.org/browse/XWIKI-21611", "name": "https://jira.xwiki.org/browse/XWIKI-21611", "tags": ["x_refsource_MISC", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T04:04:23.403Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-37899", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2024-06-27T18:36:25.554418Z"}}}], "affected": [{"cpes": ["cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*"], "vendor": "xwiki", "product": "xwiki", "versions": [{"status": "affected", "version": "13.4.7", "versionType": "custom", "lessThanOrEqual": "13.5"}, {"status": "affected", "version": "13.10.3", "versionType": "custom", "lessThanOrEqual": "14.10.21"}, {"status": "affected", "version": "15.0-rc-1", "lessThan": "15.5.5", "versionType": "custom"}, {"status": "affected", "version": "15.6-rc-1,", "lessThan": "15.10.6", "versionType": "custom"}, {"status": "affected", "version": "16.0.0-rc-1,", "lessThan": "16.0.0", "versionType": "custom"}], "defaultStatus": "unknown"}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-07-01T14:41:31.191Z"}}], "cna": {"title": "Disabling a user account changes its author, allowing RCE from user account in XWiki", "source": {"advisory": "GHSA-j584-j2vj-3f93", "discovery": "UNKNOWN"}, "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}}], "affected": [{"vendor": "xwiki", "product": "xwiki-platform", "versions": [{"status": "affected", "version": ">= 13.4.7, <= 13.5"}, {"status": "affected", "version": ">= 13.10.3, < 14.10.21"}, {"status": "affected", "version": ">= 15.0-rc-1, < 15.5.5"}, {"status": "affected", "version": ">= 15.6-rc-1, < 15.10.6"}, {"status": "affected", "version": ">= 16.0.0-rc-1, < 16.0.0"}]}], "references": [{"url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93", "name": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93", "tags": ["x_refsource_CONFIRM"]}, {"url": "https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a", "name": "https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a", "tags": ["x_refsource_MISC"]}, {"url": "https://jira.xwiki.org/browse/XWIKI-21611", "name": "https://jira.xwiki.org/browse/XWIKI-21611", "tags": ["x_refsource_MISC"]}], "descriptions": [{"lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user account, the user's profile is executed with the admin's rights. This allows a user to place malicious code in the user profile before getting an admin to disable the user account. To reproduce, as a user without script nor programming rights, edit the about section of your user profile and add `{{groovy}}services.logging.getLogger(\"attacker\").error(\"Hello from Groovy!\"){{/groovy}}`.\nAs an admin, go to the user profile and click the \"Disable this account\" button. Then, reload the page. If the logs show `attacker - Hello from Groovy!` then the instance is vulnerable. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n### Workarounds\nWe're not aware of any workaround except upgrading.\n\n### References\n* https://jira.xwiki.org/browse/XWIKI-21611\n* https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a\n"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-94", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-06-20T22:13:59.450Z"}}}, "cveMetadata": {"cveId": "CVE-2024-37899", "state": "PUBLISHED", "dateUpdated": "2024-08-13T13:51:01.754Z", "dateReserved": "2024-06-10T19:54:41.362Z", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "datePublished": "2024-06-20T22:13:59.450Z", "assignerShortName": "GitHub_M"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "C91B88B4-DC83-449D-95B0-DF1A76D37F54", "versionEndExcluding": "14.10.21", "versionStartIncluding": "13.10.3", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "CA7D00D6-D2DD-4678-A328-5C2A7E96FE48", "versionEndExcluding": "15.5.5", "versionStartIncluding": "15.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "CCB0588B-7F74-423B-9D36-4B8E4F1BA459", "versionEndExcluding": "15.10.6", "versionStartIncluding": "15.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:13.4.7:*:*:*:*:*:*:*", "matchCriteriaId": "5069AD5C-1456-46D2-9193-2B10906D9B70", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:13.5:rc1:*:*:*:*:*:*", "matchCriteriaId": "CAB28BF5-A7F3-4649-BC0F-648E8963038B", "vulnerable": true}, {"criteria": "cpe:2.3:a:xwiki:xwiki:16.0.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "B1CD131A-4CDE-4465-BA81-77A93AFF784B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When an admin disables a user account, the user's profile is executed with the admin's rights. This allows a user to place malicious code in the user profile before getting an admin to disable the user account. To reproduce, as a user without script nor programming rights, edit the about section of your user profile and add `{{groovy}}services.logging.getLogger(\"attacker\").error(\"Hello from Groovy!\"){{/groovy}}`.\nAs an admin, go to the user profile and click the \"Disable this account\" button. Then, reload the page. If the logs show `attacker - Hello from Groovy!` then the instance is vulnerable. This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.\n\n### Workarounds\nWe're not aware of any workaround except upgrading.\n\n### References\n* https://jira.xwiki.org/browse/XWIKI-21611\n* https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a\n"}, {"lang": "es", "value": "XWiki Platform es una plataforma wiki gen\u00e9rica que ofrece servicios de ejecuci\u00f3n para aplicaciones creadas sobre ella. Cuando un administrador desactiva una cuenta de usuario, el perfil del usuario se ejecuta con los derechos de administrador. Esto permite a un usuario colocar c\u00f3digo malicioso en el perfil de usuario antes de que un administrador desactive la cuenta de usuario. Para reproducir, como usuario sin script ni derechos de programaci\u00f3n, edite la secci\u00f3n Acerca de de su perfil de usuario y agregue `{{groovy}}services.logging.getLogger(\"attacker\").error(\"Hello from Groovy!\"){{ /maravilloso}}`. Como administrador, vaya al perfil de usuario y haga clic en el bot\u00f3n \"Desactivar esta cuenta\". Luego, recarga la p\u00e1gina. Si los registros muestran \"atacante - \u00a1Hola desde Groovy!\", entonces la instancia es vulnerable. Esto ha sido parcheado en XWiki 14.10.21, 15.5.5, 15.10.6 y 16.0.0. Se recomienda a los usuarios que actualicen. No se conocen workarounds para esta vulnerabilidad. ### Workarounds no conocemos ning\u00fan workarounds excepto la actualizaci\u00f3n. ### Referencias * https://jira.xwiki.org/browse/XWIKI-21611 * https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a"}], "id": "CVE-2024-37899", "lastModified": "2025-02-05T16:01:02.763", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 6.0, "source": "security-advisories@github.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2024-06-20T23:15:52.460", "references": [{"source": "security-advisories@github.com", "tags": ["Patch"], "url": "https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a"}, {"source": "security-advisories@github.com", "tags": ["Vendor Advisory"], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93"}, {"source": "security-advisories@github.com", "tags": ["Exploit", "Vendor Advisory"], "url": "https://jira.xwiki.org/browse/XWIKI-21611"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-j584-j2vj-3f93"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Vendor Advisory"], "url": "https://jira.xwiki.org/browse/XWIKI-21611"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "security-advisories@github.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}