CVE-2024-31465

Summary

CVE-2024-31465 is a vulnerability affecting the XWiki Platform, a widely-used wiki solution. In versions prior to 14.10.20, 15.5.4, and 15.9-rc1, any user with edit rights can execute arbitrary code on the server by adding an object of type `XWiki.SearchSuggestSourceClass` to their profile or any page. This vulnerability poses a significant risk to the confidentiality, integrity, and availability of an XWiki installation. Users are advised to upgrade to XWiki 14.10.20, 15.5.4, or 15.10 RC1 to address this issue. As a temporary workaround, users can manually apply the patch to the `XWiki.SearchSuggestSourceSheet` document.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.