#VU125595 Missing Authorization in XWiki platform - CVE-2024-55876

 


Published: December 12, 2024 / Updated: April 9, 2026


Vulnerability identifier: #VU125595
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-55876
CWE-ID: CWE-862
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vulnerable software: XWiki platform
Software vendor: XWiki

Description

The vulnerability allows any remote user with an account on the main wiki to perform scheduling operations on subwikis.

The vulnerability exists due to improper access control in Scheduler.WebHome when handling scheduling operation requests in a subwiki. A remote user with an account on the main wiki can trigger job operations and thereby perform scheduling operations on subwikis.

Only subwikis with the job scheduler enabled are vulnerable.


Remediation

Install the security update from the vendor's website.
