VWE-2017-3992
Return to current revision
Differences in Content
-
[template]Vulnerability
| cve=
| aka=
| severity=Low
| difficulty=Hard
| description=Permissions escalation. If image support for a file-type is activated later, prior uploads of that type will be treated as images even if they now exceed the permitted width and height. Does not affect VaultWiki Lite.
| discover-date=August 24, 2017 -
-
| patch-date=
| patches= -
+
| patch-date=September 13, 2017
| patches=4.0.19 Patch Level 1
4.0.18 Patch Level 2
4.0.17 Patch Level 4
4.0.16 Patch Level 5
4.0.15 Patch Level 9
4.0.14 Patch Level 12 -
| workaround=Do not activate image support for any file-types in Content > Attachments or reduce the permitted dimensions after there are already uploads of the given type.[/template]