XWiki Platform Vulnerability: Disabling a User Account Executes Malicious Code
CVE-2024-37899
Severity: 8 (HIGH)
What is CVE-2024-37899?
CVE-2024-37899 is a privilege-escalation flaw in the XWiki Platform. A user profile in XWiki is a wiki page that the user is allowed to edit, so a low-privileged user can insert script content into their own profile. When an administrator later disables that account, XWiki processes the modified profile in the administrator's context and the inserted code runs with the administrator's privileges, exposing any data or action the administrator can reach. Nothing in the affected versions prevents an admin from triggering the code simply by acting on the tampered profile. Note for operators: disabling a suspicious account is a routine incident-response step, and on an unpatched instance that step is itself the trigger. There is no workaround; affected installations must upgrade to XWiki 14.10.21, 15.5.5, 15.10.6, or 16.0.0.
Affected Version(s)
xwiki-platform >= 13.4.7, <= 13.5
xwiki-platform >= 13.10.3, < 14.10.21
xwiki-platform >= 15.0-rc-1, < 15.5.5
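The following is an added example, not code from this advisory or from the XWiki project, showing how to check a deployed xwiki-platform version against the ranges listed above. It handles XWiki's pre-release suffixes ("-rc-N", "-milestone-N") so that "15.0-rc-1" sorts before "15.0" and "15.5.5-rc-1" is still treated as older than the fix. The range list is copied from this page's table; the description names 15.10.6 and 16.0.0 as fix versions for ranges the table does not show, so a version that is not in the listed ranges is not necessarily safe.

```python
"""Check an xwiki-platform version against the affected ranges listed
in this advisory for CVE-2024-37899 (added example, not project code)."""
import re
from typing import List, Tuple

# Affected ranges, copied verbatim from this advisory's
# "Affected Version(s)" table. The description also names 15.10.6 and
# 16.0.0 as fix versions, so this list is likely incomplete.
AFFECTED_RANGES = [
    ">= 13.4.7, <= 13.5",
    ">= 13.10.3, < 14.10.21",
    ">= 15.0-rc-1, < 15.5.5",
]

# XWiki pre-release labels, ranked earliest to latest. A final release
# ranks above every pre-release of the same number.
_PRE_RANK = {"milestone": 0, "rc": 1}
_RELEASE_RANK = 2

_VERSION_RE = re.compile(r"^(\d+(?:\.\d+){0,3})(?:-(milestone|rc)-(\d+))?$")
_CLAUSE_RE = re.compile(r"^(>=|<=|>|<)\s*(\S+)$")


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '15.0-rc-1' into a tuple that orders the way XWiki versions do.

    Numeric components are padded to four places so '13.5' == '13.5.0'.
    Pre-releases (milestone, rc) sort before the final release.
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised XWiki version: {text!r}")
    nums = [int(p) for p in m.group(1).split(".")]
    nums += [0] * (4 - len(nums))
    if m.group(2):
        return tuple(nums) + (_PRE_RANK[m.group(2)], int(m.group(3)))
    return tuple(nums) + (_RELEASE_RANK, 0)


_OPS = {
    ">=": lambda v, b: v >= b,
    "<=": lambda v, b: v <= b,
    ">": lambda v, b: v > b,
    "<": lambda v, b: v < b,
}


def in_range(version: str, range_spec: str) -> bool:
    """True if `version` satisfies every comma-separated clause of `range_spec`."""
    v = parse_version(version)
    for clause in range_spec.split(","):
        m = _CLAUSE_RE.match(clause.strip())
        if not m:
            raise ValueError(f"bad range clause: {clause!r}")
        op, bound = m.groups()
        if not _OPS[op](v, parse_version(bound)):
            return False
    return True


def is_affected(version: str, ranges: List[str] = AFFECTED_RANGES) -> bool:
    """True if `version` falls inside any of the listed affected ranges."""
    return any(in_range(version, r) for r in ranges)


if __name__ == "__main__":
    # Constructed sample inputs covering range edges and pre-releases.
    for v in ["13.4.6", "13.4.7", "13.5", "14.10.20", "14.10.21",
              "15.0-rc-1", "15.5.5-rc-1", "15.5.5", "16.0.0"]:
        status = "AFFECTED" if is_affected(v) else "not in listed ranges"
        print(f"{v:>12}: {status}")
```

Run it with the version string reported by the XWiki instance (for example from the admin "About" page or the deployed WAR's manifest). A "not in listed ranges" result only means the version is outside the table above; cross-check against the fix versions in the description before concluding an instance is unaffected.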