Protect your XWiki Platform from Malicious File Attachments

CVE: CVE-2024-21651
CVSS v3.1: 7.5
Source: CVE-2024-21651

XWiki Platform is open source wiki software that lets users collaborate by attaching files to pages. A vulnerability was discovered that allows a user who can upload attachments to make the server unresponsive, or crash it, by attaching a specially crafted TAR file.

The vulnerability lies in how XWiki parses the file modification time stored in each TAR entry header. By crafting that field, an attacker can produce an archive that makes the server spend excessive CPU time parsing it. The result is a denial of service in which legitimate users cannot reach the wiki.

The attack requires nothing more than uploading the malicious TAR file as an attachment on a wiki page. When the server, or another user through the server, opens the attachment, the processing it triggers consumes enough resources to hang or crash the instance.
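As an added example (not XWiki's code and not the project's actual fix), the following Python script shows the 12-byte octal mtime field that the attack abuses, builds archives with well-formed and malformed fields, and implements a strict header check that an upload handler could run before handing the file to any archive parser. The slow path inside the affected parser is not reproduced; the function names, the constructed sample archives and the 10-year future-skew limit are assumptions made for this example.

```python
"""Strict check of TAR header modification times before an attachment is processed.

Added example for this article; it is not XWiki code. Offsets follow the POSIX
ustar header: name[0:100], mode[100:108], uid[108:116], gid[116:124],
size[124:136], mtime[136:148], chksum[148:156], typeflag[156], magic[257:263].
"""
import io
import tarfile
import time

BLOCK = 512
OCTAL = set(b"01234567")
MAX_FUTURE_SKEW = 10 * 365 * 24 * 3600  # assumption: tolerate 10 years of clock skew


def parse_octal_field(field: bytes):
    """Parse a numeric ustar field strictly. Returns (value, None) or (None, problem)."""
    if field[0] & 0x80:
        # GNU base-256 binary encoding; a plain octal parser must not guess at it
        return None, "base-256 encoded value"
    digits = field.rstrip(b"\0 ").lstrip(b" ")
    if not digits:
        return None, "empty numeric field"
    if any(c not in OCTAL for c in digits):
        return None, "non-octal bytes %r" % digits
    return int(digits, 8), None


def scan_tar_mtimes(data: bytes, now=None) -> list:
    """Walk the archive headers and report every mtime that is malformed or implausible.

    Returns an empty list when every entry is acceptable. Only the 512-byte headers
    are read and entry data is skipped, so the cost is linear in the entry count.
    """
    now = time.time() if now is None else now
    problems, offset = [], 0
    while offset + BLOCK <= len(data):
        header = data[offset:offset + BLOCK]
        if header == b"\0" * BLOCK:          # end-of-archive marker
            break
        name = header[0:100].split(b"\0", 1)[0].decode("utf-8", "replace")
        if header[257:262] != b"ustar":
            problems.append(f"{name}: missing ustar magic")
            break
        size, err = parse_octal_field(header[124:136])
        if err:
            problems.append(f"{name}: size {err}")
            break                            # the next header cannot be located safely
        mtime, err = parse_octal_field(header[136:148])
        if err:
            problems.append(f"{name}: mtime {err}")
        elif mtime > now + MAX_FUTURE_SKEW:
            problems.append(f"{name}: mtime {mtime} is implausibly far in the future")
        offset += BLOCK + ((size + BLOCK - 1) // BLOCK) * BLOCK
    return problems


def _ustar_checksum(header: bytes) -> int:
    # chksum is computed with its own 8 bytes treated as ASCII spaces
    return sum(header[:148]) + 8 * 0x20 + sum(header[156:])


def build_entry(name: bytes, payload: bytes, mtime_field: bytes) -> bytes:
    """Build a one-entry ustar archive whose 12-byte mtime field is supplied verbatim."""
    assert len(mtime_field) == 12
    h = bytearray(BLOCK)
    h[0:len(name)] = name
    h[100:108] = b"0000644\0"
    h[108:116] = b"0000000\0"
    h[116:124] = b"0000000\0"
    h[124:136] = b"%011o\0" % len(payload)
    h[136:148] = mtime_field
    h[156] = ord("0")                        # typeflag: regular file
    h[257:263] = b"ustar\0"
    h[263:265] = b"00"
    h[148:156] = b"%06o\0 " % _ustar_checksum(bytes(h))
    padding = b"\0" * (-len(payload) % BLOCK)
    return bytes(h) + payload + padding + b"\0" * (2 * BLOCK)


def benign_tar() -> bytes:
    """A well-formed archive from Python's tarfile, used as the control sample (constructed)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.USTAR_FORMAT) as tf:
        payload = b"meeting notes\n"
        info = tarfile.TarInfo("notes.txt")
        info.size, info.mtime = len(payload), 1700000000
        tf.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


# Constructed hostile samples: identical payload, only the mtime field differs.
HOSTILE_SAMPLES = {
    "non-octal":  build_entry(b"a.txt", b"x", b"99999999999\0"),
    "base-256":   build_entry(b"b.txt", b"x", b"\x80" + b"\xff" * 11),
    "far-future": build_entry(b"c.txt", b"x", b"77777777777\0"),   # year 2242
}

if __name__ == "__main__":
    print("benign:", scan_tar_mtimes(benign_tar()) or "ok")
    for label, sample in HOSTILE_SAMPLES.items():
        print(f"{label}:", scan_tar_mtimes(sample, now=1700000000))
```

Run the check on the raw attachment bytes before the file reaches the archive parser; any returned problem is a reason to reject the upload. A malformed size field stops the walk rather than being trusted to locate the next header, and the reader can confirm with `tarfile` that `build_entry` produces archives a real parser accepts.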

The XWiki developers have released fixes for this issue. All XWiki Platform servers should be updated to version 14.10.18, 15.5.3 or 15.8 RC1, or later. Administrators should also watch for unusual CPU usage, which could indicate an exploitation attempt.

Because the attack needs only the ability to attach a file, restricting attachment upload rights to trusted users reduces exposure until a server is patched. Keeping your XWiki server current with security patches remains the critical control against denial of service through malicious file uploads.
