VWE-2017-3683 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2017-3683
This page is a chapter in Info Known Vulnerabilities

This page has been seen 176,479 times.

- Created by
  pegasus
  on March 16, 2017
  
  Last updated by
  pegasus
  on March 30, 2017

Common Name None
VWE-ID VWE-2017-3683
Related Report None
Severity MEDIUM
Exploit Difficulty EASY
Platform Affects all platforms supported by the vulnerable versions.
Description Subscription Management Flaw. An incomplete merge resulted in VWE-2017-3428 reappearing in 4.0.17 build 001 (build 002 was unaffected). Whenever a user posts a new wiki comment, the user will always be subscribed/unsubscribed to the current discussion based on their profile's default preference, rather than using the manual selection in the active form.

Discovered March 16, 2017
Resolved March 30, 2017
Patches Available 4.0.17 Patch Level 1
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Common Name	None
VWE-ID	VWE-2017-3683
Related Report	None
Severity	MEDIUM
Exploit Difficulty	EASY
Platform	Affects all platforms supported by the vulnerable versions.
Description	Subscription Management Flaw. An incomplete merge resulted in VWE-2017-3428 reappearing in 4.0.17 build 001 (build 002 was unaffected). Whenever a user posts a new wiki comment, the user will always be subscribed/unsubscribed to the current discussion based on their profile's default preference, rather than using the manual selection in the active form.
Discovered	March 16, 2017
Resolved	March 30, 2017
Patches Available	4.0.17 Patch Level 1