VWE-2017-3733 Viewing Source [template]Vulnerability | cve= | aka= | severity=Medium | difficulty=Easy | description=Permissions escalation in wiki attachments. With collusion of downloading users, uploading users can circumvent some attachment-related permissions. | lite=no | discover-date=April 16, 2017 | patch-date=May 16, 2017 | patches=4.0.17 Patch Level 2 4.0.16 Patch Level 3 4.0.15 Patch Level 7 4.0.14 Patch Level 10 4.0.13 Patch Level 10 4.0.12 Patch Level 11 4.0.11 Patch Level 11 | workaround=[/template] [h=3]Notes[/h] Attachments that were already violation of the rules prior to applying the patch must be identified and moderated manually. 646 characters