VWE-2013-0010

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2013-0010
This page is a chapter in Info Known Vulnerabilities

Common Name: Glass Sandbox Vulnerability
VWE-ID: VWE-2013-0010
Related Report: #3001
Severity: HIGH
Exploit Difficulty: NORMAL
Platform: Affects all platforms supported by the vulnerable versions.
Description: Permissions escalation. When using Custom Permissions for a wiki area, if any permissions are set to "No", it will still be treated as "Not Set." Additionally, if a user has editing permissions in one area, and the area with "No" editing permissions is a sub-area and permits HTML, then the user is able to edit HTML content in that sub-area. Does not affect Lite versions.
Discovered: April 4, 2013
Resolved: April 4, 2013
Patches Available: 4.0.0 Alpha 4
Workaround: Update all wiki areas so that none allow HTML.
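
The flaw in the Description can be shown with a tri-state permission lookup. This is an added example, not VaultWiki code: it compares a resolver that treats "No" as "Not Set" with one that honors "No" as an explicit deny, and lists the HTML-enabled areas where the two disagree. The `Area` model, the parent-to-sub-area fallback, the `edit` permission name and the sample hierarchy are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional

class Perm(Enum):
    YES = "yes"
    NO = "no"
    NOT_SET = "not set"

@dataclass
class Area:  # hypothetical model of a wiki area, not VaultWiki's schema
    name: str
    parent: Optional["Area"] = None
    allow_html: bool = False
    custom: dict = field(default_factory=dict)  # permission name -> Perm

def resolve(area, perm, honor_no):
    """Walk from the area up through its parents until a permission is decided.

    honor_no=False reproduces the flaw in the advisory: "No" is treated as
    "Not Set", so the lookup falls through to the parent area's value.
    """
    node = area
    while node is not None:
        value = node.custom.get(perm, Perm.NOT_SET)
        if value is Perm.YES:
            return True
        if value is Perm.NO and honor_no:
            return False  # explicit deny ends the walk
        node = node.parent
    return False  # nothing set anywhere: default deny

def exposed_html_areas(areas, perm="edit"):
    """Names of HTML-enabled areas where an explicit "No" would have been ignored."""
    return [a.name for a in areas
            if a.allow_html
            and a.custom.get(perm) is Perm.NO
            and resolve(a, perm, honor_no=False)
            and not resolve(a, perm, honor_no=True)]

# Constructed sample hierarchy (assumed for illustration)
docs = Area("Docs", custom={"edit": Perm.YES})
templates = Area("Docs/Templates", parent=docs, allow_html=True, custom={"edit": Perm.NO})
notes = Area("Docs/Notes", parent=docs, custom={"edit": Perm.NO})
drafts = Area("Docs/Drafts", parent=docs, allow_html=True)
AREAS = [docs, templates, notes, drafts]

if __name__ == "__main__":
    print(exposed_html_areas(AREAS))
```

Areas reported by `exposed_html_areas` are the ones the Workaround addresses: with HTML disabled on them, an ignored "No" no longer gives access to HTML content.
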
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.