VWE-2017-3992
Return to current revision
Current Revision
April 8, 2018, 11:29 PM
Differences in Content
-
[template]Vulnerability
| cve=
| aka=
| severity=Low
| difficulty=Hard -
-
| description=Permissions escalation. If image support for a file-type is activated later, prior uploads of that type will be treated as images even if they now exceed the permitted width and height. Does not affect VaultWiki Lite. -
+
| description=Permissions escalation. If image support for a file-type is activated later, prior uploads of that type will be treated as images even if they now exceed the permitted width and height.
| lite=no -
| discover-date=August 24, 2017
| patch-date=September 13, 2017
| patches=4.0.19 Patch Level 1
4.0.18 Patch Level 2
4.0.17 Patch Level 4
4.0.16 Patch Level 5
4.0.15 Patch Level 9
4.0.14 Patch Level 12
| workaround=Do not activate image support for any file-types in Content > Attachments or reduce the permitted dimensions after there are already uploads of the given type.[/template]