The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name: Restricted Area Vulnerability
VWE-ID: VWE-2016-3120
Related Report: None
Severity: MEDIUM
Exploit Difficulty: EASY
Platform: Affects all platforms supported by the vulnerable versions.
Description: Permissions escalation. Permissions are not revoked correctly. Does not affect Lite versions.
Discovered: December 22, 2016
Resolved: December 22, 2016

Patches Available
- 4.0.15 Patch Level 3
- 4.0.14 Patch Level 6
- 4.0.13 Patch Level 6
- 4.0.12 Patch Level 7
- 4.0.11 Patch Level 7
- 4.0.10 Patch Level 8
- 4.0.9 Patch Level 8
- 4.0.8 Patch Level 10

Additional Instructions
After applying one of these patches, follow the steps below. This will remove cached permissions that might have been stored in a vulnerable state from your site's cache.
- Go to the Wiki Admin Panel > Permissions > Usergroups.
- Edit the Administrators group.
- Change "Index Permissions" > "Can view the wiki Index?" to a different value.
- Save.
- Edit the Administrators group again.
- Change "Index Permissions" > "Can view the wiki Index?" back to the previous value.
- Save.