Issue List
VWE-2022-6473 is a Permissions Escalation issue, where a forum moderator can bypass the disallowed titles list when converting a thread to a wiki page. The issue affects VaultWiki 4.0.16 and higher.VWE-2022-6474 is a Permissions Escalation issue, where a forum moderator can bypass the prefix limitations of the target area when converting a thread to a wiki page. The issue affects VaultWiki 4.0.16 and higher.
VWE-2022-6477 is a Subscription Management issue, where a user's attempts to disable all email notifications simultaneously in the default wiki subscription folder fails with a permissions error. The issue affects all versions of the VaultWiki 4.1.x series.
VWE-2022-6478 is a Subscription Management issue, where a user's attempts to disable email notifications for all wiki subscription folders simultaneously fails with a permissions error. The issue affects all versions of the VaultWiki 4.1.x series.
VWE-2022-6479 is a Subscription Management issue, where a user's attempts to unwatch all subscriptions simultaneously in the default wiki subscription folder fails with a permissions error. The issue affects all versions of the VaultWiki 4.1.x series.
Patches
The following patches address the aforementioned issues:- 4.1.5 Patch Level 4
- 4.1.4 Patch Level 6
- 4.1.3 Patch Level 8