VWE-2017-3428 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2017-3428
This page is a chapter in Info Known Vulnerabilities

This page has been seen 193,368 times.

- Created by
  pegasus
  on February 17, 2017

Common Name None
VWE-ID VWE-2017-3428
Related Report None
Severity MEDIUM
Exploit Difficulty EASY
Platform Affects all platforms supported by the vulnerable versions.
Description Subscription Management Flaw. Whenever a user posts a new wiki comment, the user will always be subscribed/unsubscribed to the current discussion based on their profile's default preference, rather than using the manual selection in the active form.

Discovered February 13, 2017
Resolved February 17, 2017
Patches Available 4.0.16 Patch Level 1
4.0.15 Patch Level 5
4.0.14 Patch Level 8
4.0.13 Patch Level 8
4.0.12 Patch Level 9
4.0.11 Patch Level 9
4.0.10 Patch Level 10
4.0.9 Patch Level 10
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Common Name	None
VWE-ID	VWE-2017-3428
Related Report	None
Severity	MEDIUM
Exploit Difficulty	EASY
Platform	Affects all platforms supported by the vulnerable versions.
Description	Subscription Management Flaw. Whenever a user posts a new wiki comment, the user will always be subscribed/unsubscribed to the current discussion based on their profile's default preference, rather than using the manual selection in the active form.
Discovered	February 13, 2017
Resolved	February 17, 2017
Patches Available	4.0.16 Patch Level 1 4.0.15 Patch Level 5 4.0.14 Patch Level 8 4.0.13 Patch Level 8 4.0.12 Patch Level 9 4.0.11 Patch Level 9 4.0.10 Patch Level 10 4.0.9 Patch Level 10