VWE-2016-3080

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2016-3080
This page is a chapter in Known Vulnerabilities

Common Name: Social Butterfly Vulnerability
VWE-ID: VWE-2016-3080
Related Report: None
Severity: LOW
Exploit Difficulty: NORMAL
Platform: vBulletin
Description: Permissions escalation in pages managed by Social Groups. Does not affect Lite versions.
Discovered: December 14, 2016
Resolved: December 15, 2016
Patches Available:
    4.0.15 Patch Level 2
    4.0.14 Patch Level 5
    4.0.13 Patch Level 5
    4.0.12 Patch Level 6
    4.0.11 Patch Level 6
    4.0.10 Patch Level 7
    4.0.9 Patch Level 7
    4.0.8 Patch Level 9
Workaround: The vulnerability allows for unauthorized viewing and editing of social group pages. The only workaround is to prevent all users, including those authorized, from viewing or editing those pages. If social group pages and their managed pages are contained in a specific area, modify permissions so that no users, except for administrators and the area's moderators, have permission to view or edit the contents of that area.

The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.