• Register
    • Help

    striker  0 Items
    Currently Supporting
    • Home
    • News
      • VaultWiki News
      • Visit the Wiki
    • Forum
    • Wiki
    • Support
    • What's New?
    • Buy Now
    • Manual
    • 
    • Home
    • VaultWiki Security Update: August 2018

    1. Welcome to VaultWiki.org, home of the wiki add-on for vBulletin and XenForo!

      VaultWiki allows your existing forum users to collaborate on creating and managing a site's content pages. VaultWiki is a fully-featured and fully-supported wiki solution for vBulletin and XenForo.

      The VaultWiki Team encourages you to join our community of forum administrators and check out VaultWiki for yourself.

    • VaultWiki Security Update: August 2018

      by
      pegasus
      • View Profile
      • View Forum Posts
      • View Blog Entries
      • Visit Homepage
      • View Articles
      Published on August 27, 2018 2:24 PM
      0 Comments Comments
      As of August 27, 2018, the regularly scheduled security patches for August are now available.

      Issue List

      VWE-2018-4625 is a Denial of Service Amplification issue, by which a distributed attack that posts comments to a single wiki discussion may be able to achieve denial of service, due to a flaw in the quick reply handler. Under vBulletin, the issue affects all prior versions of VaultWiki 4.x series. Under XenForo 1.x, the issue affects VaultWiki 4.0.0 Beta 7 and higher.

      VWE-2018-4626 is a Data Loss issue, where some database keys may not be successfully created. The issue affects the July 2018 patches.

      VWE-2018-4627 is a Data Loss issue, where the patches for VWE-2017-4033 do not successfully prevent accidental deletion of the wiki index or wiki areas and all contents, if not careful when using the Mass Delete function. The issue affects VaultWiki 4.0.18 and higher, but it does not affect Lite versions.

      VWE-2018-4630 is a Permissions Escalation issue, where if a user has permission to view a wiki node, that user can view an RSS feed which contains a list of its contents, even though the user does not have permission to view a list of the node's contents. The issue affects VaultWiki 4.0.0 Alpha 6 and higher.

      VWE-2018-4631 is a Data Loss issue, where when editing an existing integration, the already-injected content may not be selected. If the integration is saved without re-selecting the content, the existing integration would be removed. The issue affects VaultWiki 4.0.23 and higher, but it does not affect Lite versions.

      VWE-2018-4632 is a Permissions Escalation issue, where a fatal error after re-parenting an area may prevent area permissions from being inherited correctly. The issue affects VaultWiki 4.0.21 and higher, but it does not affect Lite versions.

      Patches

      The following patches, issued August 27, 2018, address the aforementioned issues:
      • 4.0.23 Patch Level 2
      • 4.0.22 Patch Level 4
      • 4.0.21 Patch Level 5
      • 4.0.20 Patch Level 8
      • 4.0.19 Patch Level 11*

      *A patch was issued for 4.0.19 even though it reached its end of life earlier this August, because at least one of the issues resolved by the patch was discovered prior to its end-of-life. However, we recommend that users upgrade to a more recent patched version.

      We highly recommend that all users running VaultWiki in a production environment update to a patched release.
    • Contact Us
    • License Agreement
    • Privacy
    • Terms
    • Top
    All times are GMT -4. The time now is 6:43 PM.
    This site uses cookies to help personalize content, to tailor your experience, and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Learn more… Accept Remind me later
  • striker
    Powered by vBulletin® Version 4.2.5 Beta 2
    Copyright © 2025 vBulletin Solutions Inc. All rights reserved.
    Search Engine Optimisation provided by DragonByte SEO (Pro) - vBulletin Mods & Addons Copyright © 2025 DragonByte Technologies Ltd.
    Copyright © 2008 - 2024 VaultWiki Team, Cracked Egg Studios, LLC.