4.3
MEDIUM
CVE-2024-37898
XWiki Platform Page Deletion Privilege Escalation
Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When a user has view but not edit right on a page in XWiki, that user can delete the page and replace it by a page with new content without having delete right. The previous version of the page is moved into the recycle bin and can be restored from there by an admin. As the user is recorded as deleter, the user would in theory also be able to view the deleted content, but this is not directly possible as rights of the previous version are transferred to the new page and thus the user still doesn't have view right on the page. It therefore doesn't seem to be possible to exploit this to gain any rights. This has been patched in XWiki 14.10.21, 15.5.5 and 15.10.6 by cancelling save operations by users when a new document shall be saved despite the document's existing already.

INFO

Published Date :

July 31, 2024, 4:15 p.m.

Last Modified :

Sept. 6, 2024, 9:16 p.m.

Source :

[email protected]

Remotely Exploitable :

Yes !

Impact Score :

1.4

Exploitability Score :

2.8
Affected Products

The following products are affected by CVE-2024-37898 vulnerability. Even if cvefeed.io is aware of the exact versions of the products that are affected, the information is not represented in the table below.

ID Vendor Product Action
1 Xwiki xwiki
: Total Affected Vendor : 1 | Products : 1
References to Advisories, Solutions, and Tools

Here, you will find a curated list of external links that provide in-depth information, practical solutions, and valuable tools related to CVE-2024-37898.

URL Resource
https://github.com/xwiki/xwiki-platform/commit/0bc27d6ec63c8a505ff950e2d1792cb4f773c22e Patch
https://github.com/xwiki/xwiki-platform/commit/56f5d8aab7371d5ba891168f73890806551322c5 Patch
https://github.com/xwiki/xwiki-platform/commit/c5efc1e519e710afdf3c5f40c0fcc300ad77149f Patch
https://github.com/xwiki/xwiki-platform/commit/e4968fe268e5644ffd9bfa4ef6257d2796446009 Patch
https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-33gp-gmg3-hfpq Vendor Advisory
https://jira.xwiki.org/browse/XWIKI-21553 Issue Tracking

We scan GitHub repositories to detect new proof-of-concept exploits. Following list is a collection of public exploits and proof-of-concepts, which have been published on GitHub (sorted by the most recently updated).

Results are limited to the first 15 repositories due to potential performance issues.

The following list is the news that have been mention CVE-2024-37898 vulnerability anywhere in the article.

The following table lists the changes that have been made to the CVE-2024-37898 vulnerability over time.

Vulnerability history details can be useful for understanding the evolution of a vulnerability, and for identifying the most recent changes that may impact the vulnerability's severity, exploitability, or other characteristics.

  • Initial Analysis by [email protected]

    Sep. 06, 2024

    Action Type Old Value New Value
    Added CVSS V3.1 NIST AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
    Changed Reference Type https://github.com/xwiki/xwiki-platform/commit/0bc27d6ec63c8a505ff950e2d1792cb4f773c22e No Types Assigned https://github.com/xwiki/xwiki-platform/commit/0bc27d6ec63c8a505ff950e2d1792cb4f773c22e Patch
    Changed Reference Type https://github.com/xwiki/xwiki-platform/commit/56f5d8aab7371d5ba891168f73890806551322c5 No Types Assigned https://github.com/xwiki/xwiki-platform/commit/56f5d8aab7371d5ba891168f73890806551322c5 Patch
    Changed Reference Type https://github.com/xwiki/xwiki-platform/commit/c5efc1e519e710afdf3c5f40c0fcc300ad77149f No Types Assigned https://github.com/xwiki/xwiki-platform/commit/c5efc1e519e710afdf3c5f40c0fcc300ad77149f Patch
    Changed Reference Type https://github.com/xwiki/xwiki-platform/commit/e4968fe268e5644ffd9bfa4ef6257d2796446009 No Types Assigned https://github.com/xwiki/xwiki-platform/commit/e4968fe268e5644ffd9bfa4ef6257d2796446009 Patch
    Changed Reference Type https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-33gp-gmg3-hfpq No Types Assigned https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-33gp-gmg3-hfpq Vendor Advisory
    Changed Reference Type https://jira.xwiki.org/browse/XWIKI-21553 No Types Assigned https://jira.xwiki.org/browse/XWIKI-21553 Issue Tracking
    Added CWE NIST CWE-862
    Added CPE Configuration OR *cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* versions from (including) 13.10.4 up to (excluding) 14.0 *cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* versions from (including) 14.2 up to (excluding) 14.10.21 *cpe:2.3:a:xwiki:xwiki:15.0:-:*:*:*:*:*:* *cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* versions from (excluding) 15.0 up to (excluding) 15.5.5 *cpe:2.3:a:xwiki:xwiki:*:*:*:*:*:*:*:* versions from (including) 15.6 up to (excluding) 15.10.6
  • CVE Received by [email protected]

    Jul. 31, 2024

    Action Type Old Value New Value
    Added Description XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When a user has view but not edit right on a page in XWiki, that user can delete the page and replace it by a page with new content without having delete right. The previous version of the page is moved into the recycle bin and can be restored from there by an admin. As the user is recorded as deleter, the user would in theory also be able to view the deleted content, but this is not directly possible as rights of the previous version are transferred to the new page and thus the user still doesn't have view right on the page. It therefore doesn't seem to be possible to exploit this to gain any rights. This has been patched in XWiki 14.10.21, 15.5.5 and 15.10.6 by cancelling save operations by users when a new document shall be saved despite the document's existing already.
    Added Reference GitHub, Inc. https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-33gp-gmg3-hfpq [No types assigned]
    Added Reference GitHub, Inc. https://github.com/xwiki/xwiki-platform/commit/0bc27d6ec63c8a505ff950e2d1792cb4f773c22e [No types assigned]
    Added Reference GitHub, Inc. https://github.com/xwiki/xwiki-platform/commit/56f5d8aab7371d5ba891168f73890806551322c5 [No types assigned]
    Added Reference GitHub, Inc. https://github.com/xwiki/xwiki-platform/commit/c5efc1e519e710afdf3c5f40c0fcc300ad77149f [No types assigned]
    Added Reference GitHub, Inc. https://github.com/xwiki/xwiki-platform/commit/e4968fe268e5644ffd9bfa4ef6257d2796446009 [No types assigned]
    Added Reference GitHub, Inc. https://jira.xwiki.org/browse/XWIKI-21553 [No types assigned]
    Added CWE GitHub, Inc. CWE-862
    Added CVSS V3.1 GitHub, Inc. AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS is a daily estimate of the probability of exploitation activity being observed over the next 30 days. Following chart shows the EPSS score history of the vulnerability.
CWE - Common Weakness Enumeration

While CVE identifies specific instances of vulnerabilities, CWE categorizes the common flaws or weaknesses that can lead to vulnerabilities. CVE-2024-37898 is associated with the following CWEs:

Common Attack Pattern Enumeration and Classification (CAPEC)

Common Attack Pattern Enumeration and Classification (CAPEC) stores attack patterns, which are descriptions of the common attributes and approaches employed by adversaries to exploit the CVE-2024-37898 weaknesses.

CVSS31 - Vulnerability Scoring System
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
: