
CVE-2024-21651: CWE-400: Uncontrolled Resource Consumption in xwiki xwiki-platform

High
Tags: vulnerability, cve-2024-21651, cwe-400
Published: Mon Jan 08 2024 (01/08/2024, 23:30:03 UTC)
Source: CVE Database V5
Vendor/Project: xwiki
Product: xwiki-platform

Description

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. A user able to attach a file to a page can post a malformed TAR file with manipulated file modification time headers which, when parsed by Tika, can cause a denial of service through CPU consumption. This vulnerability has been patched in XWiki 14.10.18, 15.5.3 and 15.8 RC1.

AI-Powered Analysis

Last updated: 07/03/2025, 23:42:14 UTC

Technical Analysis

CVE-2024-21651 is a high-severity vulnerability in the XWiki Platform, a widely used generic wiki platform that provides runtime services for applications built on top of it. The flaw lies in how TAR file metadata is handled when an attachment is processed. A user with the right to attach files to a wiki page can craft a malformed TAR archive whose file modification time headers carry values that no legitimate archiver writes. When XWiki hands the attachment to Apache Tika, the content analysis toolkit it uses for attachment MIME-type detection and text extraction (for example when indexing attachment content for search), parsing those headers consumes CPU out of all proportion to the size of the upload and drives the server into a denial-of-service condition. The root cause is classified as CWE-400 (Uncontrolled Resource Consumption): the parser does not bound the work it performs on a specially crafted input.

Affected versions are 14.10 up to but not including 14.10.18, 15.0-rc-1 up to but not including 15.5.3, and 15.6-rc-1 up to but not including 15.8-rc-1. The issue is fixed in 14.10.18, 15.5.3 and 15.8 RC1.

The CVSS v3.1 base score is 7.5 (high): network attack vector, low attack complexity, no privileges or user interaction in the scored vector, and an impact limited to availability, with no effect on confidentiality or integrity. In practice the attacker needs whatever right the wiki grants for attaching files. Many deployments give that right to every registered user, and wikis that allow anonymous editing expose it to unauthenticated visitors, so the practical precondition is often just an account, or none at all. No exploitation in the wild had been reported at the time of analysis. The attack itself is a single HTTP upload of a small file, which makes it cheap to repeat. A denial of service against the wiki disrupts collaboration, documentation and any other business process that depends on it, particularly in environments where uptime and availability are critical.

Potential Impact

For European organizations using XWiki Platform, this vulnerability poses a significant risk to service availability. XWiki is popular in various sectors including government, education, and enterprises for internal documentation and knowledge sharing. A successful exploitation could lead to denial of service, causing downtime and loss of productivity. In critical sectors such as public administration or healthcare, where XWiki might be used for operational documentation, this could delay important workflows and impact service delivery. Additionally, the CPU exhaustion caused by the malformed TAR file could degrade server performance, potentially affecting other hosted applications or services on the same infrastructure. Since the vulnerability does not affect confidentiality or integrity, data breaches are unlikely; however, the operational disruption alone can have financial and reputational consequences. European organizations with strict uptime requirements or regulatory obligations for service continuity (e.g., under GDPR or sector-specific regulations) must prioritize remediation. The lack of known exploits in the wild reduces immediate risk but does not eliminate the threat, especially as attackers may develop exploits over time. Organizations with open or loosely controlled file upload permissions are at higher risk, as attackers do not require elevated privileges or user interaction to trigger the vulnerability.

Mitigation Recommendations

1. Patch first: upgrade every affected XWiki Platform instance to 14.10.18, 15.5.3 or 15.8 RC1 (or a later release). This removes the vulnerable parsing path and is the only complete fix.
2. Restrict attachment rights: limit the right to attach files to trusted users, and review whether anonymous or self-registered users can upload at all. Fewer principals able to upload means fewer principals able to trigger the parse.
3. Validate archives server-side: where the patch cannot be applied immediately, reject TAR attachments whose headers are malformed or whose modification-time fields fall outside the format a legitimate archiver produces. Check the header bytes themselves, not the file extension or declared MIME type, because the expensive work happens when the content is parsed.
4. Bound the cost of parsing: run XWiki, and any content-extraction workers, under CPU, memory and wall-clock limits so that one malicious attachment degrades the service rather than exhausting the host.
5. Monitor and alert: watch for sustained CPU spikes in the XWiki JVM and for bursts of attachment uploads, especially archive uploads from a single account.
6. Segment the network: keep XWiki servers isolated from critical infrastructure so that a denial of service against the wiki does not cascade.
7. Prepare incident response: have a tested plan for a denial of service against collaboration platforms, including how to identify and remove the offending attachment.
8. Review policy: make sure attachment and content-parsing policies follow current best practice so that the same class of bug does not recur.
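As an added illustration of recommendation 3 (example code written for this page, not XWiki's or Tika's own code), the following Python script walks the headers of a TAR stream without extracting it and rejects archives whose modification-time fields are malformed, in either the classic ustar header or a PAX extended-header record. The limits (maximum plausible timestamp, maximum PAX `mtime` length, entry cap) are policy choices assumed for the example, the sample archives are constructed in memory with the standard `tarfile` module, and the helper names are the example's own. It inspects a plain TAR stream only: a compressed or nested archive would have to be decompressed, under a size limit, before this check applies.

```python
"""Pre-upload sanity check for TAR attachments (example code, not XWiki or Tika code).

Walks the 512-byte headers of a TAR stream without extracting anything and
rejects archives whose modification-time fields are malformed, both in the
classic ustar header (offset 136, 12 octal bytes) and in PAX extended-header
records ("mtime=<seconds>[.<fraction>]").
"""
import io
import re
import tarfile

BLOCK = 512
PAX_TYPES = {b"x", b"g"}          # per-entry and global PAX extended headers

# Policy limits assumed for this example (not XWiki or Tika defaults).
MAX_ENTRIES = 10_000              # refuse absurdly long archives outright
MAX_MTIME = 4_102_444_800         # 2100-01-01 UTC; nothing real is dated later
MAX_PAX_MTIME_CHARS = 32          # "1704756603.123456789" is 20 characters
PAX_MTIME_RE = re.compile(rb"[0-9]{1,11}(\.[0-9]{1,18})?")
OCTAL_RE = re.compile(rb"[0-7]+")


class MalformedTar(ValueError):
    """A header field that no legitimate archiver would write."""


def _numeric(raw: bytes) -> int:
    """Decode a ustar numeric field: NUL/space-padded octal, or GNU base-256."""
    if raw[0] & 0x80:                              # base-256, positive values only
        if raw[0] != 0x80:
            raise MalformedTar("negative or non-canonical base-256 field")
        return int.from_bytes(raw[1:], "big")
    digits = raw.rstrip(b"\x00 ").lstrip(b" ")
    if not digits:
        return 0
    if not OCTAL_RE.fullmatch(digits):
        raise MalformedTar(f"non-octal numeric field {raw!r}")
    return int(digits, 8)


def _checksum(hdr: bytes) -> int:
    """Header checksum: every byte summed, with the chksum field counted as spaces."""
    return sum(hdr[:148]) + 8 * 0x20 + sum(hdr[156:])


def _check_pax_records(body: bytes, entry: int) -> list:
    """Validate 'len key=value\\n' framing and police the mtime record."""
    problems, pos = [], 0
    while pos < len(body):
        space = body.find(b" ", pos)
        if space < 0 or not body[pos:space].isdigit():
            return problems + [f"entry {entry}: corrupt PAX record length"]
        length = int(body[pos:space])
        record = body[pos:pos + length]
        if length < space - pos + 4 or len(record) != length or not record.endswith(b"\n"):
            return problems + [f"entry {entry}: corrupt PAX record framing"]
        key, _, value = record[space - pos + 1:-1].partition(b"=")
        if key == b"mtime" and (len(value) > MAX_PAX_MTIME_CHARS
                                or not PAX_MTIME_RE.fullmatch(value)):
            problems.append(f"entry {entry}: suspicious PAX mtime ({len(value)} chars)")
        pos += length
    return problems


def check_tar(data: bytes) -> list:
    """Return a list of findings; an empty list means the archive passed the check."""
    problems, pos, entries = [], 0, 0
    while pos + BLOCK <= len(data):
        hdr = data[pos:pos + BLOCK]
        if hdr == b"\x00" * BLOCK:                 # end-of-archive marker
            break
        entries += 1
        if entries > MAX_ENTRIES:
            problems.append(f"more than {MAX_ENTRIES} entries")
            break
        try:
            if _numeric(hdr[148:156]) != _checksum(hdr):
                raise MalformedTar("header checksum mismatch")
            size = _numeric(hdr[124:136])
            mtime = _numeric(hdr[136:148])
        except MalformedTar as exc:
            problems.append(f"entry {entries}: {exc}")
            break                                  # later offsets are untrustworthy
        if mtime > MAX_MTIME:
            problems.append(f"entry {entries}: implausible mtime {mtime}")
        body_end = pos + BLOCK + size
        if body_end > len(data):
            problems.append(f"entry {entries}: declared size {size} overruns the archive")
            break
        if hdr[156:157] in PAX_TYPES:
            problems += _check_pax_records(data[pos + BLOCK:body_end], entries)
        pos = body_end + (-size % BLOCK)           # skip the data and its NUL padding
    if entries == 0:
        problems.append("no TAR header found")
    return problems


def build_archive(pax_mtime: str = None) -> bytes:
    """One-entry archive built in memory (constructed sample, not a real attachment).
    pax_mtime, if given, is written verbatim into an 'x' header as the mtime record."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w", format=tarfile.PAX_FORMAT) as tf:
        payload = b"release notes\n"
        info = tarfile.TarInfo("notes.txt")
        info.size = len(payload)
        info.mtime = 1704756603                    # 2024-01-08T23:30:03Z, advisory publication
        if pax_mtime is not None:
            info.pax_headers = {"mtime": pax_mtime}
        tf.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def with_mtime_field(archive: bytes, field: bytes) -> bytes:
    """Overwrite the first header's 12-byte mtime field and re-sign the checksum."""
    assert len(field) == 12
    hdr = bytearray(archive[:BLOCK])
    hdr[136:148] = field
    hdr[148:156] = b"%06o\x00 " % _checksum(bytes(hdr))
    return bytes(hdr) + archive[BLOCK:]


if __name__ == "__main__":
    for label, blob in (("well-formed", build_archive()),
                        ("500-digit PAX mtime", build_archive(pax_mtime="1" * 500)),
                        ("non-octal mtime", with_mtime_field(build_archive(), b"notoctal\x00\x00\x00\x00"))):
        verdict = check_tar(blob)
        print(f"{label:22} -> {'accept' if not verdict else 'reject: ' + '; '.join(verdict)}")
```

Because the advisory does not spell out which encoding of the modification-time header triggers the CPU blow-up, the check is an allowlist of what well-formed archives contain rather than a signature for the bad input: anything the walker cannot account for is rejected and the upload refused. That makes it a stop-gap for instances that cannot be upgraded yet, not a replacement for the patch.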


Technical Details

Data Version: 5.1
Assigner Short Name: GitHub_M
Date Reserved: 2023-12-29T16:10:20.366Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 683f0dc2182aa0cae27ff435

Added to database: 6/3/2025, 2:59:14 PM

Last enriched: 7/3/2025, 11:42:14 PM

Last updated: 8/10/2025, 4:32:59 PM
