The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name: None
VWE-ID: VWE-2017-3686
Related Report: None
Severity: LOW
Exploit Difficulty: NORMAL
Platform: Affects all platforms supported by the vulnerable versions.
Description: Permissions escalation. Users who can delete wiki content can remove page behaviors even though new wiki content and edits they make require moderation. Does not affect Lite versions.
Discovered: March 26, 2017
Resolved: March 30, 2017
Patches Available:
4.0.17 Patch Level 1
4.0.16 Patch Level 2
4.0.15 Patch Level 6
4.0.14 Patch Level 9
4.0.13 Patch Level 9
4.0.12 Patch Level 10
4.0.11 Patch Level 10
4.0.10 Patch Level 11
Workaround: Do not grant users permission to physically remove wiki content in the same area where both the user's edits and new wiki content are moderated.
Notes:
If edits require moderation, but new content is allowed without moderation and existing content can be deleted, then this issue becomes moot, since the escalation was explicitly permitted -- the user can delete the existing content and publish their edit as a new wiki page, without the previous page behavior, without being moderated anyway.