VaultWiki Security Update: September 2022
Published on September 9, 2022 4:27 PM
As of September 9, security patches for September 2022 are now available.
Issue List
VWE-2022-6458 is a Permissions Escalation issue: a user who does not have permission to tag a wiki page can still change that page's tags, as long as they know the URL for the page's tag editor and have permission to change the page's categories. The issue affects VaultWiki 4.1.3 and higher. Prior to 4.1.3, there was no separate permission for changing tags.
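The kind of check this issue calls for, as an added example that is not VaultWiki's code: a small permission-matrix audit that runs a tag-save handler against every combination of the two permissions and reports which ones can change tags. The handler names, the permission strings and the assumption that the tag editor was gated by the category permission are hypothetical.

```python
# Added illustration; all names are hypothetical, not VaultWiki's API.
from dataclasses import dataclass, field

EDIT_CATEGORIES = "edit_categories"
EDIT_TAGS = "edit_tags"  # the separate tag permission (4.1.3 and higher per the advisory)


class Forbidden(Exception):
    """Raised when the caller lacks the permission an action requires."""


@dataclass
class Page:
    tags: set = field(default_factory=set)
    categories: set = field(default_factory=set)


def save_tags_flawed(user_perms, page, new_tags):
    # Assumed shape of the flaw: the tag editor is reachable by URL and is
    # gated only by the category permission, so EDIT_TAGS is never consulted.
    if EDIT_CATEGORIES not in user_perms:
        raise Forbidden("cannot edit categories")
    page.tags = set(new_tags)


def save_tags_fixed(user_perms, page, new_tags):
    # The handler checks the permission for the action it performs,
    # regardless of how the caller reached the URL.
    if EDIT_TAGS not in user_perms:
        raise Forbidden("cannot edit tags")
    page.tags = set(new_tags)


def audit(handler):
    """Return the permission sets (from the full matrix) that can change tags."""
    allowed = []
    for perms in (set(), {EDIT_CATEGORIES}, {EDIT_TAGS}, {EDIT_CATEGORIES, EDIT_TAGS}):
        page = Page(tags={"original"})
        try:
            handler(perms, page, {"changed"})
        except Forbidden:
            continue
        if page.tags == {"changed"}:
            allowed.append(frozenset(perms))
    return allowed


if __name__ == "__main__":
    for h in (save_tags_flawed, save_tags_fixed):
        print(h.__name__, [sorted(p) for p in audit(h)])
```

A matrix audit like this is worth keeping as a regression test after patching, since it fails as soon as any handler accepts a permission set that lacks the tag permission.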
Patches
The following patches address the aforementioned issue:
- 4.1.5 Patch Level 2
- 4.1.4 Patch Level 4
- 4.1.3 Patch Level 6
Notes
We highly recommend that all users running VaultWiki in a production environment update to a patched release as soon as they are able.