VWE-2016-3120
Return to current revision
Current Revision
April 8, 2018, 11:35 PM
Differences in Content
-
[template]Vulnerability
| cve=
| aka=Restricted Area Vulnerability
| severity=Medium
| difficulty=Easy -
-
| description=Permissions escalation. Permissions are not revoked correctly. Does not affect Lite versions. -
+
| description=Permissions escalation. Permissions are not revoked correctly.
| lite=no -
| discover-date=December 22, 2016
| patch-date=December 22, 2016
| patches=4.0.15 Patch Level 3
4.0.14 Patch Level 6
4.0.13 Patch Level 6
4.0.12 Patch Level 7
4.0.11 Patch Level 7
4.0.10 Patch Level 8
4.0.9 Patch Level 8
4.0.8 Patch Level 10
| workaround=[/template]
[h=3]Additional Instructions[/h]
After applying one of these patches:
[list=1][*]Go to the Wiki Admin Panel > Permissions > Usergroups.
[*]Edit the Administrators group.
[*]Change "Index Permissions" > "Can view the wiki Index?" to a different value.
[*]Save.
[*]Edit the Administrators group again.
[*]Change "Index Permissions" > "Can view the wiki Index?" back to the previous value.
[*]Save.[/list]
This will remove cached permissions that might have been stored in a vulnerable state from your site's cache.