Issue List
VWE-2019-5016 is a Permissions Escalation issue, where by guessing the correct editor URL, users are able to post new wiki content without proper permissions. The issue affects new content only; edits to existing content are unaffected.Patches
Important: if you already run one of the following patches but believe you may have downloaded it prior to February 19, 2019, we recommend that you re-download and reapply the patch; there was a problem where our downloader offered some these names for download even though the patch was not released yet or provided patches for different versions than requested.As of February 19, 2019, the following patches address the aforementioned issue:
- 4.1.0 Alpha 2
- 4.0.25 Patch Level 1
- 4.0.24 Patch Level 3
- 4.0.23 Patch Level 5
- 4.0.22 Patch Level 7
- 4.0.21 Patch Level 8*
*A patch was issued for this version even though it reached its end-of-life before the patch date, because the issue was identified prior to its end-of-life. However, we recommend that users update to a more recent patched version.
We recommend that all users running VaultWiki in a production environment update to a patched release.