Exploit
CVE-2024-21650

Improper Neutralization of Directives in Dynamically Evaluated Code ('Eval Injection') (CWE-95)

Published: Jan 8, 2024 / Updated: 10mo ago

CVSS 9.8 / EPSS 0.59% / Critical

Summary

XWiki is vulnerable to remote code execution (RCE) through its user registration feature. Values supplied in the "first name" or "last name" fields during registration are evaluated as code rather than handled as plain text (CWE-95, eval injection), so an attacker can execute arbitrary code simply by crafting those fields when registering. All installations that allow guests to register are affected.

Impact

The vulnerability allows an attacker to execute arbitrary code on the XWiki server with the privileges of the application. This can lead to complete compromise of the instance, including unauthorized access to sensitive data, modification of system files, and a foothold for further attacks on the network. An unauthenticated remote attacker needs only to submit the guest registration form: no user interaction and no prior privileges are required (CVSS PR:N/UI:N), which is what makes this issue critical.

Exploitation

A proof of concept is documented in the XWiki issue tracker (XWIKI-21173, linked under Exploits below). Exploitation has been reported by several sources, including vulners.com.

Patch

A patch is available. XWiki has released fixed versions on each maintained branch; upgrade to 14.10.17, 15.5.3, or 15.7.1, depending on the branch in use.

Mitigation

1. Update XWiki to the fixed release for your branch (14.10.17, 15.5.3, or 15.7.1) as soon as possible.
2. If immediate patching is not possible, temporarily disable user registration for guests; the vulnerability is only reachable through guest registration.
3. If you maintain custom registration templates or user sheets, ensure that values from the "first name" and "last name" fields are never rendered as wiki syntax or passed to script macros.
4. Review registration activity and existing user profiles for suspicious values in the name fields, particularly anything that looks like wiki macro or scripting syntax rather than a name.
5. Treat any instance that exposed guest registration while unpatched as potentially compromised and audit it accordingly.
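As an added example (not code from this page, from the XWiki advisory, or from the XWiki project), the following Python script covers two of the checks above: whether an installed version is at or above one of the fixed releases listed in the Patch section, and whether any registered users' first or last name contains XWiki macro syntax ({{...}}) or Velocity directives, neither of which a display name legitimately needs. The user records are constructed sample data; in a real deployment they would be pulled from the profile objects (assumed here to be the XWiki.XWikiUsers class with first_name/last_name properties), and the detection patterns are heuristics, not an authoritative grammar.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Fixed releases as listed in the Patch section of this page.
FIXED_VERSIONS = ("14.10.17", "15.5.3", "15.7.1")

# Heuristics (assumptions): XWiki 2.x macro markers such as {{name ...}} / {{/name}},
# and Velocity directives (#set, #if, ...) or references ($var, $!{var}).
MACRO_RE = re.compile(r"\{\{\s*/?[A-Za-z][\w-]*")
VELOCITY_RE = re.compile(
    r"#(set|if|elseif|else|end|foreach|include|parse|evaluate|macro|define)\b"
    r"|\$!?\{?[A-Za-z_]"
)


def parse_version(version: str) -> Tuple[int, int, int]:
    """Reduce 'major.minor[.patch][-suffix]' to a comparable tuple.
    Suffixes such as '-rc-1' are ignored (assumption: good enough for a branch check)."""
    m = re.match(r"(\d+)\.(\d+)(?:\.(\d+))?", version.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {version!r}")
    return tuple(int(x) if x else 0 for x in m.groups())  # type: ignore[return-value]


def is_patched(installed: str) -> Optional[bool]:
    """True/False when the installed branch has a listed fix; True for anything newer
    than the newest listed fix; None when the page lists no fix for that branch
    (treat None as unpatched)."""
    inst = parse_version(installed)
    fixed = sorted(parse_version(v) for v in FIXED_VERSIONS)
    for f in fixed:
        if inst[:2] == f[:2]:
            return inst >= f
    if inst > fixed[-1]:
        return True
    return None


@dataclass
class Finding:
    user: str
    field: str
    value: str
    reason: str


def suspicious_reasons(value: str) -> List[str]:
    """Return the heuristic categories a name value trips, empty for a plain name."""
    reasons = []
    if MACRO_RE.search(value):
        reasons.append("xwiki-macro-syntax")
    if VELOCITY_RE.search(value):
        reasons.append("velocity-syntax")
    return reasons


def scan_registrations(users) -> List[Finding]:
    """Flag first_name/last_name values that contain macro or scripting syntax."""
    findings = []
    for u in users:
        for field in ("first_name", "last_name"):
            value = u.get(field) or ""
            for reason in suspicious_reasons(value):
                findings.append(Finding(u["user"], field, value, reason))
    return findings


# Constructed sample records (not real users); the Probe entries carry harmless
# markup that a legitimate name would never contain.
SAMPLE_REGISTRATIONS = [
    {"user": "XWiki.AliceSmith", "first_name": "Alice", "last_name": "Smith"},
    {"user": "XWiki.BobOBrien", "first_name": "Bob", "last_name": "O'Brien"},
    {"user": "XWiki.Probe1", "first_name": "{{info}}hello{{/info}}", "last_name": "Test"},
    {"user": "XWiki.Probe2", "first_name": "Carol", "last_name": "#set($x = 1)"},
    {"user": "XWiki.Probe3", "first_name": "$name.first", "last_name": "Smith"},
]


if __name__ == "__main__":
    for v in ("14.10.16", "14.10.17", "15.5.3", "15.6.0", "15.9"):
        print(f"{v:>10}: patched={is_patched(v)}")
    for f in scan_registrations(SAMPLE_REGISTRATIONS):
        print(f"FLAG {f.user} {f.field}={f.value!r} ({f.reason})")
```

A result of None from is_patched means the page lists no fixed release for that branch, so the instance should be handled as unpatched until confirmed otherwise. The name scan is deliberately broad: a false positive costs an analyst a glance, while a missed macro in an unpatched instance is code execution.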

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Timeline

Detection in Vulnerability Scanners

Detection for the vulnerability has been added to Qualys (996555)

Jan 8, 2024 at 12:00 AM
CVE Assignment

NVD published the first details for CVE-2024-21650

Jan 8, 2024 at 8:15 AM
Vendor Advisory

GitHub Advisories released a security advisory.

Jan 8, 2024 at 3:06 PM
First Article

Feedly found the first article mentioning CVE-2024-21650.

Jan 8, 2024 at 4:21 PM / National Vulnerability Database
Proof of Concept (PoC) Released

A proof of concept exploit has been released

Jan 11, 2024 at 12:10 PM
EPSS

EPSS Score was set to: 0.59% (Percentile: 75.8%)

Jan 18, 2024 at 2:46 PM
Exploitation in the Wild

Attacks in the wild have been reported by Vulners.com RSS Feed.

Jun 28, 2024 at 6:14 PM / Vulners.com RSS Feed
CVSS

A CVSS base score of 9.8 has been assigned.

Oct 28, 2024 at 7:03 PM / nvd

Affected Systems

Xwiki/xwiki

Exploits

https://jira.xwiki.org/browse/XWIKI-21173

Patches

Github Advisory

Attack Patterns

CAPEC-35: Leverage Executable Code in Non-Executable Files

CVSS V3.1

Attack Vector:Network
Attack Complexity:Low
Privileges Required:None
User Interaction:None
Scope:Unchanged
Confidentiality:High
Integrity:High
Availability Impact:High
