CVE-2024-21648

CVSS 3.1 Score 8.8 of 10 (high)

Details

Published Jan 9, 2024

Updated: Jan 12, 2024

CWE ID 274

Summary

CVE-2024-21648 is a vulnerability affecting the XWiki Platform, a wiki solution that offers runtime services for applications. The issue lies in the rollback function, which lacks sufficient access control. A user can exploit this flaw to regain unauthorized rights by rolling back a page to a previous version. This vulnerability has been mitigated through updates in XWiki versions 14.10.17, 15.5.3, and 15.8-rc-1, where access rights are verified before implementing rollbacks.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Xwiki

Affected Vendors

xwiki

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uEsZ1H
https://www.cve.org/CVERecord?id=CVE-2024-21648
https://nvd.nist.gov/vuln/detail/CVE-2024-21648

Back to Vulnerability Database