Affects all platforms supported by the vulnerable versions.
Description
Permissions escalation. Users who can delete wiki content can remove page behaviors even though new wiki content and edits they make require moderation. Does not affect Lite versions.
Do not grant users permission to physically remove wiki content in the same area where both the user's edits and new wiki content are moderated.
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Notes
If edits require moderation, but new content is allowed without moderation and existing content can be deleted, then this issue becomes moot, since the escalation was explicitly permitted -- the user can delete the existing content and publish their edit as a new wiki page, without the previous page behavior, without being moderated anyway.
This site uses cookies to help personalize content, to tailor your experience, and to keep you logged in if you register.
By continuing to use this site, you are consenting to our use of cookies.
