VaultWiki Security Update: March 2021
by
Published on March 5, 2021 5:44 PM
As of March 5, security patches for March 2021 are now available.
Issue List
VWE-2021-6177 is a Permissions Escalation issue, under which, when the last editor and original creator of a wiki page are different, the last editor of the page can protect the page so that only the creator can make changes, without the original creator's knowledge or consent. In such a case, until the original creator submits a new edit, even the original creator has no access to the controls necessary to reverse the protection. The issue affects VaultWiki 4.0.20 and higher.
Patches
The following patches address the aforementioned issue:
- 4.1.1 Patch Level 3
- 4.1.0 Patch Level 5
- 4.1.0 RC 3 Patch Level 7
- 4.1.0 RC 2 Patch Level 8
Notes
We recommend that all users running VaultWiki in a production environment update to a patched release.