    • VaultWiki Security Update: January 2018

      by pegasus
      Published on January 10, 2018 2:53 PM
      As of January 10, 2018, the regularly scheduled security patches for January are now available.

      Issue List

      VWE-2017-4317 is a Permissions escalation issue, in which users may be able to see some thread titles in output from the WIDGET BB-Code, even though the users may otherwise not be allowed to view those same threads. The issue affects VaultWiki 4.0.0 RC 3 and later, except Lite versions, on XenForo-based forums only.

      VWE-2017-4318 is a Permissions escalation issue, in which users may be able to see some cache contents of output from the WIDGET BB-Code, even though the users may otherwise not be allowed to view the same contents. The issue affects VaultWiki 4.0.0 RC 3 and later, except Lite versions.

      VWE-2017-4319 is a Permissions escalation issue, in which users may be able to see some cache contents of the Similar Content sidebar block, even though the users may otherwise not be allowed to view the same contents. The issue affects all versions of the VaultWiki 4.x series, except Lite versions.

      VWE-2017-4320 is a Permissions escalation issue, in which users may be able to circumvent certain limitations that are enforced on wiki books. If the escalation is performed enough times on a single book, a Denial of Service condition can be created on pages that reference the book. The issue affects VaultWiki 4.0.4 and later, except Lite versions.

      VWE-2017-4325 is a Permissions escalation issue, in which users may be able to see wiki page titles in Find New Wiki Updates, even though the users may otherwise not be allowed to view the same wiki pages. The issue affects VaultWiki 4.0.4 and later, on XenForo-based forums only.

      VWE-2017-4326 is a design flaw that could lead to Permissions escalation or Data Loss in third-party add-ons that rely on VaultWiki's vw_Fetch_Controller::get_by_route function. The issue affects VaultWiki 4.0.16 and later.

      Patches

      The following patches, issued January 10, 2018, address the aforementioned issues:
      • 4.0.20 Patch Level 2
      • 4.0.19 Patch Level 5
      • 4.0.18 Patch Level 6
      • 4.0.17 Patch Level 8
      • 4.0.16 Patch Level 9*


      * A patch was issued for 4.0.16 even though it reached its end of life earlier this January, because at least one of the issues resolved by the patch was discovered prior to its end-of-life. However, we recommend that users upgrade to a more recent patched version.

      We highly recommend that all users running VaultWiki 4.x in a production environment update to a patched release.