Approved changes feed: RSS · Atom
cpe:2.3:a:xwiki:xwiki:1.2:-:*:*:*:*:*:*
part: a version: 1.2 update: -
| Vendor | Xwiki (cdc9c0cd-6ac5-5dc0-9f52-915ebd57f20d) |
|---|---|
| Product | Xwiki (2fad5bf8-5703-5dac-bd8d-95a867c2e84d) |
| Edition | * |
| Language | * |
| Software edition | * |
| Target software | * |
| Target hardware | * |
| Other | * |
| Notes | Imported from NVD CPE 2.0 feed |
PURL mappings
| PURL | Source | Last updated |
|---|---|---|
pkg:docker/xwiki/xwiki |
purl2cpe | 2026-06-01 10:18:15.676520 |
pkg:github/xwiki/xwiki-platform |
purl2cpe | 2026-06-01 10:18:15.676522 |
pkg:gitlab/q-phillips/xwiki-platform |
purl2cpe | 2026-06-01 10:18:15.676523 |
pkg:xwiki/xwiki |
purl2cpe | 2026-06-01 10:18:15.676524 |
Vulnerability references
| Identifier | cpeApplicability | Submitted | db.gcve.eu details | Rationale |
|---|---|---|---|---|
CVE:CVE-2024-55876 |
vulnerable | 2026-06-03 14:57:42.194689 |
XWiki's scheduler in subwiki allows scheduling operations for any main wiki user
MEDIUM (5.4)
XWiki Platform is a generic wiki platform. Starting in version 1.2-milestone-2 and prior to versions 15.10.9 and 16.3.0, any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wiki without any special right, view the document `Scheduler.WebHome` in a subwiki. Then, click on any operation (*e.g.,* Trigger) on any job. If the operation is successful, then the instance is vulnerable. This has been patched in XWiki 15.10.9 and 16.3.0. As a workaround, those who have subwikis where the Job Scheduler is enabled can edit the objects on `Scheduler.WebPreferences` to match the patch.
Published: 2024-12-12T18:59:49.733Z
Updated: 2024-12-13T14:55:19.672Z |
Imported from gcve-enriched-dumps CVE data |
Contribute
You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.