CVSS: 9.9EPSS: 49%CPEs: 3EXPL: 0CVE-2024-31981 – XWiki Platform: Privilege escalation (PR) from user registration through PDFClass
https://notcve.org/view.php?id=CVE-2024-31981
10 Apr 2024 — XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, remote code execution is possible via PDF export templates. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10-rc-1. If PDF templates are not typically used on the instance, an administrator can create the document `XWiki.PDFClass` and block its edition, after making sure that it does not contain a `style` attribute. Otherwise, there are no known workarounds aside ... • https://github.com/xwiki/xwiki-platform/commit/480186f9d2fca880513da8bc5a609674d106cbd3 • CWE-862: Missing Authorization •
CVSS: 9.9EPSS: 49%CPEs: 3EXPL: 0CVE-2024-31465 – XWiki Platform: Remote code execution from account via SearchSuggestSourceSheet
https://notcve.org/view.php?id=CVE-2024-31465
10 Apr 2024 — XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.20, 15.5.4, and 15.9-rc-1, any user with edit right on any page can execute any code on the server by adding an object of type `XWiki.SearchSuggestSourceClass` to their user profile or any other page. This compromises the confidentiality, integrity and availability of the whole XWiki installation. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10 RC1. As a workaround, manually apply the ... • https://github.com/xwiki/xwiki-platform/commit/0317a3aa78065e66c86fc725976b06bf7f9b446e • CWE-95: Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') •
CVSS: 6.8EPSS: 0%CPEs: 3EXPL: 0CVE-2024-31464 – XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted
https://notcve.org/view.php?id=CVE-2024-31464
10 Apr 2024 — XWiki Platform is a generic wiki platform. Starting in version 5.0-rc-1 and prior to versions 14.10.19, 15.5.4, and 15.9-rc-1, it is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it's possible for an attacker to have access to the hash password of a user if they have rights to edit the users' page. With the default right scheme in XWiki this vulnerability is normally prevented on user profiles,... • https://github.com/xwiki/xwiki-platform/commit/9075668a4135cce114ef2a4b72eba3161a9e94c4 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •