VWE-2017-3981
Return to current revision
Current Revision
April 8, 2018, 11:30 PM
Differences in Content
-
[template]Vulnerability
| cve=
| aka=
| severity=Medium
| difficulty=Hard -
-
| description=Permissions escalation. If the wiki installation has a blank API key due to an incomplete installation, it is possible for anyone to craft working image proxy URLs, even though they don't have permission to perform actions that generate proxy URLs normally. Does not affect VaultWiki Lite. -
+
| description=Permissions escalation. If the wiki installation has a blank API key due to an incomplete installation, it is possible for anyone to craft working image proxy URLs, even though they don't have permission to perform actions that generate proxy URLs normally.
| lite=no -
| discover-date=September 9, 2017
| patch-date=September 13, 2017
| patches=4.0.19 Patch Level 1
4.0.18 Patch Level 2
4.0.17 Patch Level 4
4.0.16 Patch Level 5
4.0.15 Patch Level 9
4.0.14 Patch Level 12
| workaround=[/template]