VWE-2016-3087
Return to current revision
Differences in Content
-
[template]Vulnerability
| cve=
| aka=Eavesdropper Vulnerability -
-
| severity=Low -
+
| severity=Minor -
| difficulty=Easy -
-
| description=Permissions escalation. Does not affect Lite versions. The vulnerability allows for unauthorized viewing of some user-contributed discussions. -
+
| description=Permissions escalation (of view permissions). Does not affect Lite versions. The vulnerability allows for unauthorized viewing of some user-contributed discussions. -
| discover-date=December 17, 2016
| patch-date=
| patches=4.0.15 Patch Level 3
4.0.14 Patch Level 6
4.0.13 Patch Level 6
4.0.12 Patch Level 7
4.0.11 Patch Level 7
4.0.10 Patch Level 8
4.0.9 Patch Level 8
4.0.8 Patch Level 10 -
-
| workaround=Update all areas so that no discussions, not even the main discussion, are allowed.[/template] -
+
| workaround=Physically remove soft-deleted discussions. Update permissions so that users whose discussions would be moderated cannot start new discussions.[/template]