Issue List
VWE-2020-6005 is a Permissions Escalation issue, where records of used links, wanted categories, and template usages become updated by edits that still required moderator approval. The issue affects VaultWiki 2.0.0 Beta 3 and higher, including all prior versions of the VaultWiki 3.x and 4.x series.VWE-2020-6013 is a Permissions Escalation issue, whereby accessing the correct URL directly, a user without permission to manage a feed's entries can access the form that allows modifying an individual entry; however, the user would not be able to save any attempted changes. The issue affects VaultWiki 4.0.0 and higher.
VWE-2020-6019 is a Permissions Escalation issue, where users who were granted permission to disambiguate content prior to the patch for VWE-2020-5862 are forever able to perform many other unrelated tasks regardless of their other permissions. The issue affects VaultWiki 4.1.0 RC 3 and higher.
Patches
The following patches address the aforementioned issues:- 4.1.1 Patch Level 1
- 4.1.0 Patch Level 3
- 4.1.0 RC 3 Patch Level 5
- 4.1.0 RC 2 Patch Level 6
- 4.1.0 RC 1 Patch Level 7
- 4.0.28 Patch Level 7