CVE-2024-31983
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-31983
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31983.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2024-31983
- Aliases
- Published
- 2024-04-10T19:44:48.503Z
- Modified
- 2025-12-05T04:20:05.395963Z
- Severity
-
- 9.9 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- XWiki Platform: Remote code execution from edit in multilingual wikis via translations
- Details
-
XWiki Platform is a generic wiki platform. In multilingual wikis, translations can be edited by any user who has edit right, circumventing the rights that are normally required for authoring translations (script right for user-scope translations, wiki admin for translations on the wiki). Starting in version 4.3-milestone-2 and prior to versions 4.10.20, 15.5.4, and 15.10-rc-1, this can be exploited for remote code execution if the translation value is not properly escaped where it is used. This has been patched in XWiki 14.10.20, 15.5.4 and 15.10RC1. As a workaround, one may restrict edit rights on documents that contain translations.
- Database specific
{ "cwe_ids": [ "CWE-862" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/31xxx/CVE-2024-31983.json", "cna_assigner": "GitHub_M" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/31xxx/CVE-2024-31983.json
- https://github.com/xwiki/xwiki-platform/commit/2a9ce88f33663c53c9c63b2ea573f4720ea2efb9
- https://github.com/xwiki/xwiki-platform/commit/73aef9648bbff04b697837f1b906932f0d5caacb
- https://github.com/xwiki/xwiki-platform/commit/c4c8d61c30de72298d805ccc82df2a307f131c54
- https://github.com/xwiki/xwiki-platform/security/advisories/GHSA-xxp2-9c9g-7wmj
- https://jira.xwiki.org/browse/XWIKI-21411
- https://nvd.nist.gov/vuln/detail/CVE-2024-31983
Affected packages
Git / github.com/xwiki/xwiki-commons
Git / github.com/xwiki/xwiki-platform
Affected ranges
- Type
- GIT
- Repo
- https://github.com/xwiki/xwiki-platform
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixedFixedFixed
Affected versions
xwiki-application-calendar-1.*
xwiki-application-calendar-1.0
xwiki-platform-7.*
xwiki-platform-7.3-milestone-2
xwiki-platform-7.4-milestone-1
xwiki-platform-7.4-milestone-2
xwiki-platform-8.*
xwiki-platform-8.0-milestone-1
xwiki-platform-8.0-milestone-2
xwiki-platform-8.1-milestone-1
xwiki-platform-8.1-milestone-2
xwiki-platform-8.2-milestone-1
xwiki-platform-8.2-milestone-2
xwiki-platform-8.3-milestone-1
xwiki-platform-9.*
xwiki-platform-9.9-rc-2
xwiki-plugin-tag-1.*
xwiki-plugin-tag-1.1
Database specific
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-31983.json"
vanir_signatures
[
{
"deprecated": false,
"id": "CVE-2024-31983-0e60885e",
"digest": {
"length": 1036.0,
"function_hash": "151135842143981072947722108305122526939"
},
"source": "https://github.com/xwiki/xwiki-platform/commit/c4c8d61c30de72298d805ccc82df2a307f131c54",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "xwiki-platform-core/xwiki-platform-localization/xwiki-platform-localization-sources/xwiki-platform-localization-source-wiki/src/main/java/org/xwiki/localization/wiki/internal/AbstractDocumentTranslationBundle.java",
"function": "loadDocumentLocaleBundle"
}
},
{
"deprecated": false,
"id": "CVE-2024-31983-105a64f0",
"digest": {
"threshold": 0.9,
"line_hashes": [
"274271258374365781330357626330005789560",
"260149894759516629884101891928836235965",
"302402277244648242673020653383431870260",
"262593543434328668597882527276179895636",
"248011687944179956748800992966556775111",
"161927528028145026328167577416703752406",
"13180351338109287825472776270921829738",
"250908596849608142213698911159373391297",
"35125987104994600504494793759174076547",
"235474756847080315869818811690343151930",
"72793715942883893672404522173315392217",
"36182826337372632708222101313404496436",
"85162312525221417724773438929846771353",
"96747086595002066450192269207466406849",
"112987617498195444384354600718981140397",
"102452173746307191697404210335774077908",
"89063259479094424510504083664394975691",
"133957906935660582285076820129467902055",
"159169097522573399508478321300398167626",
"75964060998047714834308117816907549430",
"48186766865401872000143257439157065062",
"327132603646979336151926508299737063181",
"321354617241125158642338031226124967166",
"127587223643296349467344169871685855109",
"155677271000518047775708414702433752427"
]
},
"source": "https://github.com/xwiki/xwiki-platform/commit/73aef9648bbff04b697837f1b906932f0d5caacb",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "xwiki-platform-core/xwiki-platform-localization/xwiki-platform-localization-sources/xwiki-platform-localization-source-wiki/src/main/java/org/xwiki/localization/wiki/internal/DocumentTranslationBundleFactory.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-31983-2157870d",
"digest": {
"length": 542.0,
"function_hash": "73053109281261338049580027779933005944"
},
"source": "https://github.com/xwiki/xwiki-platform/commit/c4c8d61c30de72298d805ccc82df2a307f131c54",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "xwiki-platform-core/xwiki-platform-localization/xwiki-platform-localization-sources/xwiki-platform-localization-source-wiki/src/main/java/org/xwiki/localization/wiki/internal/DocumentTranslationBundleFactory.java",
"function": "checkRegistrationAuthorization"
}
},
{
"deprecated": false,
"id": "CVE-2024-31983-2186d047",
"digest": {
"length": 1036.0,
"function_hash": "151135842143981072947722108305122526939"
},
"source": "https://github.com/xwiki/xwiki-platform/commit/73aef9648bbff04b697837f1b906932f0d5caacb",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "xwiki-platform-core/xwiki-platform-localization/xwiki-platform-localization-sources/xwiki-platform-localization-source-wiki/src/main/java/org/xwiki/localization/wiki/internal/AbstractDocumentTranslationBundle.java",
"function": "loadDocumentLocaleBundle"
}
},
{
"deprecated": false,
"id": "CVE-2024-31983-405e8007",
"digest": {
"threshold": 0.9,
"line_hashes": [
"202929250396593813491453339532181865334",
"141304119228885447136766127919803423660",
"140738649173487151457449712212355946842",
"123705525107718155444675119617484563968",
"46713555155752087658577189807274465938",
"283363787831606696192125017213292641740",
"110482910629890816694263500922914604886",
"177311155714554393682197277674007099771",
"203625753070525508736977949170940444830",
"236479812235241702429342165537118294661",
"300365874578159507751700718720963116820",
"108911795938614908616930986165405856151",
"292709218670916717845776127287365629223",
"279957158072089897883250161219391425995",
"152265264438136447095982930140311918900",
"72983939385694040298761076278328126058",
"199118127272682532586850773522529804996",
"173128751414602659009852978497754331166",
"181616473855900038704411082354508164521",
"227518027588035441242308302024824546321",
"33899169480530819437169242788662724304"
]
},
"source": "https://github.com/xwiki/xwiki-platform/commit/73aef9648bbff04b697837f1b906932f0d5caacb",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "xwiki-platform-core/xwiki-platform-localization/xwiki-platform-localization-sources/xwiki-platform-localization-source-wiki/src/main/java/org/xwiki/localization/wiki/internal/AbstractDocumentTranslationBundle.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-31983-49e89b5b",
"digest": {
"threshold": 0.9,
"line_hashes": [
"202929250396593813491453339532181865334",
"141304119228885447136766127919803423660",
"140738649173487151457449712212355946842",
"123705525107718155444675119617484563968",
"46713555155752087658577189807274465938",
"283363787831606696192125017213292641740",
"110482910629890816694263500922914604886",
"177311155714554393682197277674007099771",
"203625753070525508736977949170940444830",
"236479812235241702429342165537118294661",
"300365874578159507751700718720963116820",
"108911795938614908616930986165405856151",
"292709218670916717845776127287365629223",
"279957158072089897883250161219391425995",
"152265264438136447095982930140311918900",
"72983939385694040298761076278328126058",
"199118127272682532586850773522529804996",
"173128751414602659009852978497754331166",
"181616473855900038704411082354508164521",
"227518027588035441242308302024824546321",
"33899169480530819437169242788662724304"
]
},
"source": "https://github.com/xwiki/xwiki-platform/commit/c4c8d61c30de72298d805ccc82df2a307f131c54",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "xwiki-platform-core/xwiki-platform-localization/xwiki-platform-localization-sources/xwiki-platform-localization-source-wiki/src/main/java/org/xwiki/localization/wiki/internal/AbstractDocumentTranslationBundle.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-31983-5e9b9f13",
"digest": {
"threshold": 0.9,
"line_hashes": [
"274271258374365781330357626330005789560",
"260149894759516629884101891928836235965",
"302402277244648242673020653383431870260",
"262593543434328668597882527276179895636",
"248011687944179956748800992966556775111",
"161927528028145026328167577416703752406",
"13180351338109287825472776270921829738",
"250908596849608142213698911159373391297",
"35125987104994600504494793759174076547",
"235474756847080315869818811690343151930",
"72793715942883893672404522173315392217",
"36182826337372632708222101313404496436",
"85162312525221417724773438929846771353",
"96747086595002066450192269207466406849",
"112987617498195444384354600718981140397",
"102452173746307191697404210335774077908",
"89063259479094424510504083664394975691",
"133957906935660582285076820129467902055",
"159169097522573399508478321300398167626",
"75964060998047714834308117816907549430",
"48186766865401872000143257439157065062",
"327132603646979336151926508299737063181",
"321354617241125158642338031226124967166",
"127587223643296349467344169871685855109",
"155677271000518047775708414702433752427"
]
},
"source": "https://github.com/xwiki/xwiki-platform/commit/2a9ce88f33663c53c9c63b2ea573f4720ea2efb9",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "xwiki-platform-core/xwiki-platform-localization/xwiki-platform-localization-sources/xwiki-platform-localization-source-wiki/src/main/java/org/xwiki/localization/wiki/internal/DocumentTranslationBundleFactory.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-31983-5fb2a7ed",
"digest": {
"threshold": 0.9,
"line_hashes": [
"194805990363387788155686706735776741549",
"263769114690504186420190192340310883237",
"201492588442257636483695068982914484073",
"294717473084541954418933200871791948397",
"296590142135470077905043494834919063956",
"216688850638657786636742346326059375619",
"142025995082400711424808263489885600767",
"245368275799913879081424420781568615285",
"326449708823131446168577067097978055356",
"301032689373174320086870130683600020560",
"236367050995971445110169521228711422899",
"259350006493902960055700036615138688319",
"338012084948003893516251420592021774228",
"198606287836360922487559447759915268001",
"6637071548033920365625961114811375508"
]
},
"source": "https://github.com/xwiki/xwiki-platform/commit/c4c8d61c30de72298d805ccc82df2a307f131c54",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "xwiki-platform-core/xwiki-platform-localization/xwiki-platform-localization-sources/xwiki-platform-localization-source-wiki/src/main/java/org/xwiki/localization/wiki/internal/ComponentDocumentTranslationBundle.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-31983-75b8a02d",
"digest": {
"threshold": 0.9,
"line_hashes": [
"194805990363387788155686706735776741549",
"263769114690504186420190192340310883237",
"201492588442257636483695068982914484073",
"294717473084541954418933200871791948397",
"296590142135470077905043494834919063956",
"216688850638657786636742346326059375619",
"142025995082400711424808263489885600767",
"245368275799913879081424420781568615285",
"326449708823131446168577067097978055356",
"301032689373174320086870130683600020560",
"236367050995971445110169521228711422899",
"259350006493902960055700036615138688319",
"338012084948003893516251420592021774228",
"198606287836360922487559447759915268001",
"6637071548033920365625961114811375508"
]
},
"source": "https://github.com/xwiki/xwiki-platform/commit/2a9ce88f33663c53c9c63b2ea573f4720ea2efb9",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "xwiki-platform-core/xwiki-platform-localization/xwiki-platform-localization-sources/xwiki-platform-localization-source-wiki/src/main/java/org/xwiki/localization/wiki/internal/ComponentDocumentTranslationBundle.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-31983-7dc701eb",
"digest": {
"length": 341.0,
"function_hash": "106389481400455844157432121179774592942"
},
"source": "https://github.com/xwiki/xwiki-platform/commit/2a9ce88f33663c53c9c63b2ea573f4720ea2efb9",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "xwiki-platform-core/xwiki-platform-localization/xwiki-platform-localization-sources/xwiki-platform-localization-source-wiki/src/main/java/org/xwiki/localization/wiki/internal/DocumentTranslationBundleFactory.java",
"function": "createComponentDocumentBundle"
}
},
{
"deprecated": false,
"id": "CVE-2024-31983-957dba6b",
"digest": {
"length": 181.0,
"function_hash": "166596379580804787215524669175657204836"
},
"source": "https://github.com/xwiki/xwiki-platform/commit/c4c8d61c30de72298d805ccc82df2a307f131c54",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "xwiki-platform-core/xwiki-platform-localization/xwiki-platform-localization-sources/xwiki-platform-localization-source-wiki/src/main/java/org/xwiki/localization/wiki/internal/ComponentDocumentTranslationBundle.java",
"function": "ComponentDocumentTranslationBundle"
}
},
{
"deprecated": false,
"id": "CVE-2024-31983-9ad4ce35",
"digest": {
"length": 341.0,
"function_hash": "106389481400455844157432121179774592942"
},
"source": "https://github.com/xwiki/xwiki-platform/commit/73aef9648bbff04b697837f1b906932f0d5caacb",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "xwiki-platform-core/xwiki-platform-localization/xwiki-platform-localization-sources/xwiki-platform-localization-source-wiki/src/main/java/org/xwiki/localization/wiki/internal/DocumentTranslationBundleFactory.java",
"function": "createComponentDocumentBundle"
}
},
{
"deprecated": false,
"id": "CVE-2024-31983-a25f6f1d",
"digest": {
"length": 181.0,
"function_hash": "166596379580804787215524669175657204836"
},
"source": "https://github.com/xwiki/xwiki-platform/commit/2a9ce88f33663c53c9c63b2ea573f4720ea2efb9",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "xwiki-platform-core/xwiki-platform-localization/xwiki-platform-localization-sources/xwiki-platform-localization-source-wiki/src/main/java/org/xwiki/localization/wiki/internal/ComponentDocumentTranslationBundle.java",
"function": "ComponentDocumentTranslationBundle"
}
},
{
"deprecated": false,
"id": "CVE-2024-31983-c79f8b1d",
"digest": {
"threshold": 0.9,
"line_hashes": [
"274271258374365781330357626330005789560",
"260149894759516629884101891928836235965",
"302402277244648242673020653383431870260",
"262593543434328668597882527276179895636",
"248011687944179956748800992966556775111",
"161927528028145026328167577416703752406",
"13180351338109287825472776270921829738",
"250908596849608142213698911159373391297",
"35125987104994600504494793759174076547",
"235474756847080315869818811690343151930",
"72793715942883893672404522173315392217",
"36182826337372632708222101313404496436",
"85162312525221417724773438929846771353",
"96747086595002066450192269207466406849",
"112987617498195444384354600718981140397",
"102452173746307191697404210335774077908",
"89063259479094424510504083664394975691",
"133957906935660582285076820129467902055",
"159169097522573399508478321300398167626",
"75964060998047714834308117816907549430",
"48186766865401872000143257439157065062",
"327132603646979336151926508299737063181",
"321354617241125158642338031226124967166",
"127587223643296349467344169871685855109",
"155677271000518047775708414702433752427"
]
},
"source": "https://github.com/xwiki/xwiki-platform/commit/c4c8d61c30de72298d805ccc82df2a307f131c54",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "xwiki-platform-core/xwiki-platform-localization/xwiki-platform-localization-sources/xwiki-platform-localization-source-wiki/src/main/java/org/xwiki/localization/wiki/internal/DocumentTranslationBundleFactory.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-31983-ccb20aa5",
"digest": {
"threshold": 0.9,
"line_hashes": [
"194805990363387788155686706735776741549",
"263769114690504186420190192340310883237",
"201492588442257636483695068982914484073",
"294717473084541954418933200871791948397",
"296590142135470077905043494834919063956",
"216688850638657786636742346326059375619",
"142025995082400711424808263489885600767",
"245368275799913879081424420781568615285",
"326449708823131446168577067097978055356",
"301032689373174320086870130683600020560",
"236367050995971445110169521228711422899",
"259350006493902960055700036615138688319",
"338012084948003893516251420592021774228",
"198606287836360922487559447759915268001",
"6637071548033920365625961114811375508"
]
},
"source": "https://github.com/xwiki/xwiki-platform/commit/73aef9648bbff04b697837f1b906932f0d5caacb",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "xwiki-platform-core/xwiki-platform-localization/xwiki-platform-localization-sources/xwiki-platform-localization-source-wiki/src/main/java/org/xwiki/localization/wiki/internal/ComponentDocumentTranslationBundle.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-31983-cd6d61f9",
"digest": {
"length": 181.0,
"function_hash": "166596379580804787215524669175657204836"
},
"source": "https://github.com/xwiki/xwiki-platform/commit/73aef9648bbff04b697837f1b906932f0d5caacb",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "xwiki-platform-core/xwiki-platform-localization/xwiki-platform-localization-sources/xwiki-platform-localization-source-wiki/src/main/java/org/xwiki/localization/wiki/internal/ComponentDocumentTranslationBundle.java",
"function": "ComponentDocumentTranslationBundle"
}
},
{
"deprecated": false,
"id": "CVE-2024-31983-d9173c75",
"digest": {
"length": 542.0,
"function_hash": "73053109281261338049580027779933005944"
},
"source": "https://github.com/xwiki/xwiki-platform/commit/73aef9648bbff04b697837f1b906932f0d5caacb",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "xwiki-platform-core/xwiki-platform-localization/xwiki-platform-localization-sources/xwiki-platform-localization-source-wiki/src/main/java/org/xwiki/localization/wiki/internal/DocumentTranslationBundleFactory.java",
"function": "checkRegistrationAuthorization"
}
},
{
"deprecated": false,
"id": "CVE-2024-31983-d95fcb21",
"digest": {
"length": 341.0,
"function_hash": "106389481400455844157432121179774592942"
},
"source": "https://github.com/xwiki/xwiki-platform/commit/c4c8d61c30de72298d805ccc82df2a307f131c54",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "xwiki-platform-core/xwiki-platform-localization/xwiki-platform-localization-sources/xwiki-platform-localization-source-wiki/src/main/java/org/xwiki/localization/wiki/internal/DocumentTranslationBundleFactory.java",
"function": "createComponentDocumentBundle"
}
},
{
"deprecated": false,
"id": "CVE-2024-31983-de8d9ca2",
"digest": {
"length": 1036.0,
"function_hash": "151135842143981072947722108305122526939"
},
"source": "https://github.com/xwiki/xwiki-platform/commit/2a9ce88f33663c53c9c63b2ea573f4720ea2efb9",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "xwiki-platform-core/xwiki-platform-localization/xwiki-platform-localization-sources/xwiki-platform-localization-source-wiki/src/main/java/org/xwiki/localization/wiki/internal/AbstractDocumentTranslationBundle.java",
"function": "loadDocumentLocaleBundle"
}
},
{
"deprecated": false,
"id": "CVE-2024-31983-e7f1d63a",
"digest": {
"threshold": 0.9,
"line_hashes": [
"202929250396593813491453339532181865334",
"141304119228885447136766127919803423660",
"140738649173487151457449712212355946842",
"123705525107718155444675119617484563968",
"46713555155752087658577189807274465938",
"283363787831606696192125017213292641740",
"110482910629890816694263500922914604886",
"177311155714554393682197277674007099771",
"203625753070525508736977949170940444830",
"236479812235241702429342165537118294661",
"300365874578159507751700718720963116820",
"108911795938614908616930986165405856151",
"292709218670916717845776127287365629223",
"279957158072089897883250161219391425995",
"152265264438136447095982930140311918900",
"72983939385694040298761076278328126058",
"199118127272682532586850773522529804996",
"173128751414602659009852978497754331166",
"181616473855900038704411082354508164521",
"227518027588035441242308302024824546321",
"33899169480530819437169242788662724304"
]
},
"source": "https://github.com/xwiki/xwiki-platform/commit/2a9ce88f33663c53c9c63b2ea573f4720ea2efb9",
"signature_version": "v1",
"signature_type": "Line",
"target": {
"file": "xwiki-platform-core/xwiki-platform-localization/xwiki-platform-localization-sources/xwiki-platform-localization-source-wiki/src/main/java/org/xwiki/localization/wiki/internal/AbstractDocumentTranslationBundle.java"
}
},
{
"deprecated": false,
"id": "CVE-2024-31983-fba64ba8",
"digest": {
"length": 542.0,
"function_hash": "73053109281261338049580027779933005944"
},
"source": "https://github.com/xwiki/xwiki-platform/commit/2a9ce88f33663c53c9c63b2ea573f4720ea2efb9",
"signature_version": "v1",
"signature_type": "Function",
"target": {
"file": "xwiki-platform-core/xwiki-platform-localization/xwiki-platform-localization-sources/xwiki-platform-localization-source-wiki/src/main/java/org/xwiki/localization/wiki/internal/DocumentTranslationBundleFactory.java",
"function": "checkRegistrationAuthorization"
}
}
]