Issue List
VWE-2018-4573 is a Denial of Service issue, involving a design flaw in the wiki session handler. It affects VaultWiki 4.0.13 and higher.VWE-2018-4574 is a Permissions Escalation issue, in which a moderator may be able to move wiki content into a wiki area where that moderator has no permission. It affects all versions of the VaultWiki 4.x series.
Patches
The following patches, issued June 13, 2018, address the aforementioned issues:- 4.0.22 Patch Level 2
- 4.0.21 Patch Level 3
- 4.0.20 Patch Level 6
- 4.0.19 Patch Level 9
- 4.0.18 Patch Level 10*
*A patch was issued for 4.0.18 even though it reached its end of life this May, because at least one of the issues resolved by the patch was discovered prior to its end-of-life. However, we recommend that users upgrade to a more recent patched version.
We highly recommend that all users running VaultWiki in a production environment update to a patched release.