Issue List
VWE-2020-5857 is an Information Disclosure issue, where debug output containing file paths could appear in the browser's Javascript console when saving pages in areas that grant at least one custom field. The issue affected VaultWiki 4.1.0 RC 3 build 001, on XenForo 2.1.x-based forums only.VWE-2020-5862 is a Permissions Escalation issue, where some users are able to perform disambiguation tasks regardless of their related permissions. The issue affects VaultWiki 4.1.0 RC 3.
Patches
The following patches address the aforementioned issues:- 4.1.0 RC 3 Patch Level 1