VWE-2017-3981 Viewing Source [template]Vulnerability | cve= | aka= | severity=Medium | difficulty=Hard | description=Permissions escalation. If the wiki installation has a blank API key due to an incomplete installation, it is possible for anyone to craft working image proxy URLs, even though they don't have permission to perform actions that generate proxy URLs normally. | lite=no | discover-date=September 9, 2017 | patch-date=September 13, 2017 | patches=4.0.19 Patch Level 1 4.0.18 Patch Level 2 4.0.17 Patch Level 4 4.0.16 Patch Level 5 4.0.15 Patch Level 9 4.0.14 Patch Level 12 | workaround=[/template] 598 characters