{"id":"CVE-2024-31981","summary":"XWiki Platform: Privilege escalation (PR) from user registration through PDFClass","details":"XWiki Platform is a generic wiki platform. Starting in version 3.0.1 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, remote code execution is possible via PDF export templates. This vulnerability has been patched in XWiki 14.10.20, 15.5.4 and 15.10-rc-1. If PDF templates are not typically used on the instance, an administrator can create the document `XWiki.PDFClass` and block its edition, after making sure that it does not contain a `style` attribute. Otherwise, there are no known workarounds aside from upgrading.","aliases":["GHSA-vxwr-wpjv-qjq7"],"modified":"2026-04-10T05:12:34.780228Z","published":"2024-04-10T19:22:57.494Z","database_specific":{"cwe_ids":["CWE-862"],"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/31xxx/CVE-2024-31981.json","cna_assigner":"GitHub_M"},"references":[{"type":"WEB","url":"https://jira.xwiki.org/browse/XWIKI-21337"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/31xxx/CVE-2024-31981.json"},{"type":"ADVISORY","url":"https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-vxwr-wpjv-qjq7"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2024-31981"},{"type":"FIX","url":"https://github.com/xwiki/xwiki-platform/commit/480186f9d2fca880513da8bc5a609674d106cbd3"},{"type":"FIX","url":"https://github.com/xwiki/xwiki-platform/commit/a4ad14d9c1605a5ab957237e505ebbb29f5b9d73"},{"type":"FIX","url":"https://github.com/xwiki/xwiki-platform/commit/d28e21a670c69880b951e415dd2ddd69d273eae9"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/xwiki/xwiki-platform","events":[{"introduced":"804f16c0efbf6ba3d08c7ad780b81b7203741d8c"},{"fixed":"2f1129b6da6811479225ab79caf2571452d72402"}],"database_specific":{"versions":[{"introduced":"3.0.1"},{"fixed":"14.10.20"}]}},{"type":"GIT","repo":"https://github.com/xwiki/xwiki-platform","events":[{"introduced":"d823334f762d5ad86bea378b65af0b230668d401"},{"fixed":"0e37972524b5a68c44734112f38a48e746b0909e"}],"database_specific":{"versions":[{"introduced":"15.0-rc-1"},{"fixed":"15.5.4"}]}},{"type":"GIT","repo":"https://github.com/xwiki/xwiki-platform","events":[{"introduced":"201a8cdfdaad44618c79c6dd0c0bb855b446aafb"},{"fixed":"2251e39df282f2a8b2b3581063eb75a8f30d5f30"}],"database_specific":{"versions":[{"introduced":"15.6-rc-1"},{"fixed":"15.10-rc-1"}]}}],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31981.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H"}]}