VWE-2017-3981
Return to current revision
Differences in Content
-
[template]Vulnerability
| cve=
| aka=
| severity=Medium -
-
| difficulty=Difficult -
+
| difficulty=Hard -
| description=Permissions escalation. If the wiki installation has a blank API key due to an incomplete installation, it is possible for anyone to craft working image proxy URLs, even though they don't have permission to perform actions that generate proxy URLs normally. Does not affect VaultWiki Lite.
| discover-date=September 9, 2017
| patch-date=September 13, 2017
| patches=4.0.19 Patch Level 1
4.0.18 Patch Level 2
4.0.17 Patch Level 4
4.0.16 Patch Level 5
4.0.15 Patch Level 9
4.0.14 Patch Level 12
| workaround=[/template]