VWE-2017-3981 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2017-3981
This page is a chapter in Info Known Vulnerabilities

This page has been seen 178,807 times.

    • Created by on
      Last updated by on
Common NameNone
VWE-IDVWE-2017-3981
Related ReportNone
SeverityMEDIUM
Exploit DifficultyDifficult
PlatformAffects all platforms supported by the vulnerable versions.
DescriptionPermissions escalation. If the wiki installation has a blank API key due to an incomplete installation, it is possible for anyone to craft working image proxy URLs, even though they don't have permission to perform actions that generate proxy URLs normally. Does not affect Lite versions.
DiscoveredSeptember 9, 2017
ResolvedSeptember 13, 2017
Patches Available4.0.19 Patch Level 1
4.0.18 Patch Level 2
4.0.17 Patch Level 4
4.0.16 Patch Level 5
4.0.15 Patch Level 9
4.0.14 Patch Level 12
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.