VYPR
Moderate severityNVD Advisory· Published Apr 10, 2024· Updated Aug 2, 2024

XWiki Platform CSRF in the job scheduler

CVE-2024-31985

Description

XWiki Platform is a generic wiki platform. Starting in version 3.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, it is possible to schedule/trigger/unschedule existing jobs by having an admin visit the Job Scheduler page through a predictable URL, for example by embedding such an URL in any content as an image. The vulnerability has been fixed in XWiki 14.10.19, 15.5.5, and 15.9. As a workaround, manually apply the patch by modifying the Scheduler.WebHome page.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.xwiki.platform:xwiki-platform-scheduler-uiMaven
>= 3.1, < 14.10.1914.10.19
org.xwiki.platform:xwiki-platform-scheduler-uiMaven
>= 15.0-rc-1, < 15.5.415.5.4
org.xwiki.platform:xwiki-platform-scheduler-uiMaven
>= 15.6-rc-1, < 15.915.9

Affected products

2

Patches

Vulnerability mechanics

References

8

News mentions

0

No linked articles in our index yet.