Lucene search

CVE-2024-37901 XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet

🗓️ 31 Jul 2024 15:36:19Reported by GitHub_MType

XWiki Platform remote code execution vulnerabilit

Reporter	Title	Published	Views	Family All 7
OSV	GHSA-H63H-5C77-77P5 XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet	31 Jul 202415:24	–	osv
OSV	CVE-2024-37901	31 Jul 202416:15	–	osv
CVE	CVE-2024-37901	31 Jul 202416:15	–	cve
OpenVAS	XWiki 9.2-rc-1 < 14.10.21, 15.0-rc-1 < 15.5.5, 15.6-rc-1 < 15.10.2 RCE Vulnerability (GHSA-h63h-5c77-77p5)	2 Aug 202400:00	–	openvas
NVD	CVE-2024-37901	31 Jul 202416:15	–	nvd
Github Security Blog	XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet	31 Jul 202415:24	–	github
Vulnrichment	CVE-2024-37901 XWiki Platform vulnerable to remote code execution from account via SearchSuggestConfigSheet	31 Jul 202415:19	–	vulnrichment

[
  {
    "vendor": "xwiki",
    "product": "xwiki-platform",
    "versions": [
      {
        "version": ">= 15.6-rc-1, < 15.10.2",
        "status": "affected"
      },
      {
        "version": ">= 15.0-rc-1, < 15.5.5",
        "status": "affected"
      },
      {
        "version": ">= 9.2-rc-1, < 14.10.21",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/xwiki/xwiki-platform/commit/0b135760514fef73db748986a3311f3edd4a553b
jira	www.jira.xwiki.org/browse/XWIKI-21473
github	www.github.com/xwiki/xwiki-platform/commit/9ce3e0319869b6d8131fc4e0909736f7041566a4
github	www.github.com/xwiki/xwiki-platform/commit/742cd4591642be4cdcaf68325f17540e0934e64e
github	www.github.com/xwiki/xwiki-platform/commit/bbde8a4f564e3c28839440076334a9093e2b4834
github	www.github.com/xwiki/xwiki-platform/security/advisories/GHSA-h63h-5c77-77p5

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo