VWE-2016-3128 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2016-3128
This page is a chapter in Info Known Vulnerabilities

This page has been seen 163,170 times.

- Created by
  pegasus
  on December 27, 2016
  
  Last updated by
  pegasus
  on April 8, 2018

Common Name Social Collapse Vulnerability
VWE-ID VWE-2016-3128
Related Report None
Severity MEDIUM
Exploit Difficulty EASY
Platform vBulletin
Description Permissions escalation in Social Groups. Does not affect Lite versions.

Discovered December 27, 2016
Resolved December 27, 2016
Patches Available 4.0.15 Patch Level 4
4.0.14 Patch Level 7
4.0.13 Patch Level 7
4.0.12 Patch Level 8
4.0.11 Patch Level 8
4.0.10 Patch Level 9
4.0.9 Patch Level 9
Workaround The vulnerability allows for unauthorized conversion between a wikified and non-wikified Social Group, resulting in data loss. If the wiki content-type Group is enabled, the only workaround is to prevent users who are not authorized to create wiki Social Groups from creating or editing any Social Groups.
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Common Name	Social Collapse Vulnerability
VWE-ID	VWE-2016-3128
Related Report	None
Severity	MEDIUM
Exploit Difficulty	EASY
Platform	vBulletin
Description	Permissions escalation in Social Groups. Does not affect Lite versions.
Discovered	December 27, 2016
Resolved	December 27, 2016
Patches Available	4.0.15 Patch Level 4 4.0.14 Patch Level 7 4.0.13 Patch Level 7 4.0.12 Patch Level 8 4.0.11 Patch Level 8 4.0.10 Patch Level 9 4.0.9 Patch Level 9
Workaround	The vulnerability allows for unauthorized conversion between a wikified and non-wikified Social Group, resulting in data loss. If the wiki content-type Group is enabled, the only workaround is to prevent users who are not authorized to create wiki Social Groups from creating or editing any Social Groups.