    • VaultWiki Security Update: January 2020

      by pegasus
      Published on January 28, 2020 2:17 PM
      As of January 29, security patches for January 2020 are now available.

      Issue List

      VWE-2019-5452 is a Subscription Management issue, where using the admin option to delete all wiki subscriptions for a user may not delete any. The issue affects 4.0.17 and higher, on XenForo 1.x platforms only.

      VWE-2019-5453 is a Permissions Escalation issue, where wiki social groups are visible to non-group-members via the WIDGET BB-Code, even though the social group is set up to only permit member viewing. The issue affects 4.0.9 and higher, as well as patches for VWE-2016-2064, on vBulletin platforms only.

      VWE-2020-5454 is a Permissions Escalation issue, where meta descriptions and summary snippets of wiki pages may include privileged or user-specific content based on the user who generated the description, rather than the user who is currently viewing it. The issue affects 4.0.0 Alpha 1 and higher.
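
      The class of defect described in VWE-2020-5454, shown as an added example that is not VaultWiki code: a summary snippet generated once under the first viewer's permissions and then served to everyone, next to one possible hardening that always generates the shared snippet with guest permissions. The `[staff]` markup, the page data and all class and function names are assumptions made for illustration.

```python
# Hypothetical model of a shared snippet cache; not VaultWiki's implementation.
import re

# Constructed sample page: [staff]...[/staff] marks text only staff may see.
PAGE = {"id": 7, "body": "Release plan for Q3. [staff]Internal: vendor "
                         "contract ends in May.[/staff] Public roadmap follows."}

GUEST = {"name": "guest", "groups": frozenset()}
STAFF = {"name": "alice", "groups": frozenset({"staff"})}

def render(body, viewer):
    """Render body for one viewer, dropping blocks the viewer may not see."""
    def repl(m):
        return m.group(2) if m.group(1) in viewer["groups"] else ""
    text = re.sub(r"\[(\w+)\](.*?)\[/\1\]", repl, body)
    return " ".join(text.split())  # collapse whitespace left by removed blocks

def snippet(body, viewer, length=160):
    """Meta description / summary: the first `length` chars of the rendered page."""
    return render(body, viewer)[:length]

class SharedSnippetCache:
    """Flawed: one cached snippet per page, built as whoever asked first."""
    def __init__(self):
        self.store = {}

    def get(self, page, viewer):
        if page["id"] not in self.store:
            self.store[page["id"]] = snippet(page["body"], viewer)
        return self.store[page["id"]]

class GuestRenderedSnippetCache(SharedSnippetCache):
    """Hardened: the shared snippet is always generated with guest permissions."""
    def get(self, page, viewer):
        return super().get(page, GUEST)

def leaks(cache_cls):
    """True if a guest sees staff-only text after a staff view warmed the cache."""
    cache = cache_cls()
    cache.get(PAGE, STAFF)  # a staff page view generates the description
    return "Internal" in cache.get(PAGE, GUEST)

if __name__ == "__main__":
    print("shared cache leaks:", leaks(SharedSnippetCache))
    print("guest-rendered cache leaks:", leaks(GuestRenderedSnippetCache))
```

      Keying the cache by the viewer's permission set is another way to close the same gap, at the cost of more cache entries per page.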

      Patches

      The following patches address the aforementioned issues:
      • 4.0.27 Patch Level 3
      • 4.0.26 Patch Level 5
      • 4.0.25 Patch Level 7*

      * A patch was issued for this version even though it reached its end-of-life before the patch date, because at least one of the addressed issues was identified prior to its end-of-life. However, we recommend that users update to a more recent patched version.

      4.1.x Issues

      Since beta versions are not subject to the same patching policy as stable versions, the following issues will be patched in a future release of the 4.1.x branch, in addition to any relevant issues listed above.

      VWE-2019-5463 is a Denial of Service Amplification issue, where content updates that affect a large number of feeds may take an infinite number of deferred requests to apply those updates. Until a patch is available, you may wish to use permissions to prevent non-admin users from adding entries to feeds.

      Notes

      We recommend that all users running VaultWiki in a production environment update to a patched release.