Overview
The CVE-2024-21651 vulnerability exists within the XWiki Platform, a widely used generic wiki platform. This vulnerability, caused by a malformed TAR file, could lead to a denial of service issue via CPU consumption. It presents a serious threat to the integrity and availability of systems that have not updated to the patched versions of XWiki.
Vulnerability Summary
CVE ID: CVE-2024-21651
Severity: High (7.5)
Attack Vector: Network
Privileges Required: Low
User Interaction: Required
Impact: Denial of service, potential system compromise, and potential data leakage
Affected Products
Share secrets securely
Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.
Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.
- • Encrypted identity
- • Private Spaces for organizations and teams
- • End-to-end encrypted chat, calls, files, and notes
- • Sensitive AI work and protected collaboration
- • Built for information that cannot leak
Our mission is to secure human work alongside AI.
Product | Affected Versions
XWiki Platform | Versions before 14.10.18, 15.5.3, and 15.8 RC1
How the Exploit Works
An attacker, with the ability to attach a file to a page, can post a malformed TAR file by manipulating file modification times headers. When this file is parsed by Tika, it could result in excessive CPU consumption, causing a denial of service. The attacker could potentially leverage this to compromise the system or leak sensitive data.
Conceptual Example Code
While the specifics of the exploit vary based on the system’s configuration and the attacker’s methods, a conceptual example of a malicious file upload might look like this:
POST /upload/file HTTP/1.1
Host: target.example.com
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="file"; filename="malformed.tar"
Content-Type: application/x-tar
[Binary data]
------WebKitFormBoundary7MA4YWxkTrZu0gW--
In this example, the attacker is posting a malformed TAR file to the XWiki page, which could trigger the vulnerability.
Mitigation Guidance
It is highly recommended to apply the patches provided by XWiki in versions 14.10.18, 15.5.3, and 15.8 RC1. If this is not immediately possible, consider using a Web Application Firewall (WAF) or Intrusion Detection System (IDS) as a temporary mitigation strategy.
