The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name None VWE-ID VWE-2010-0122-3 Related Report #2090 Severity MEDIUM Exploit Difficulty EASY Platform Affects all platforms supported by the vulnerable versions. Description Permissions escalation. Users can see the content of moderated wiki content or that is private for members of a particular social group, by hovering an AJAX preview of the content's title.
Discovered November 16, 2010 Resolved November 22, 2010 Patches Available 3.0.6 Notes
This permissions escalation was incorrectly handled as a standard bug at the time it was patched. As a result, although the problematic code existed in the 2.x series, it was never patched in that series. For the same reason, patches for earlier versions in the 3.x series continued to have this issue, even though they were released after this issue was patched.
This page has been seen 7,987 times.
-
-
Created by on
-