VWE-2017-4030 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2017-4030
This page is a chapter in Info Known Vulnerabilities

This page has been seen 223,159 times.

- Created by
  pegasus
  on September 24, 2017
  
  Last updated by
  pegasus
  on April 8, 2018

Common Name None
VWE-ID VWE-2017-4030
Related Report None
Severity HIGH
Exploit Difficulty EASY
Platform Affects all platforms supported by the vulnerable versions.
Description Legal. Accidental loss of copyright and ownership-related metadata for some image-type attachments. Does not affect Lite versions.

Discovered August 17, 2017
Resolved September 24, 2017
Patches Available 4.0.19 Patch Level 2
4.0.18 Patch Level 3
4.0.17 Patch Level 5
4.0.16 Patch Level 6
4.0.15 Patch Level 10
Workaround In the Wiki Admin Panel, go to Content > Attachments, and modify each image file-type so that they are not treated as images. Non-image files are not affected by the issue.
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Notes
It is worth noting that neither vBulletin nor XenForo developers consider metadata preservation issues as bugs.

Common Name	None
VWE-ID	VWE-2017-4030
Related Report	None
Severity	HIGH
Exploit Difficulty	EASY
Platform	Affects all platforms supported by the vulnerable versions.
Description	Legal. Accidental loss of copyright and ownership-related metadata for some image-type attachments. Does not affect Lite versions.
Discovered	August 17, 2017
Resolved	September 24, 2017
Patches Available	4.0.19 Patch Level 2 4.0.18 Patch Level 3 4.0.17 Patch Level 5 4.0.16 Patch Level 6 4.0.15 Patch Level 10
Workaround	In the Wiki Admin Panel, go to Content > Attachments, and modify each image file-type so that they are not treated as images. Non-image files are not affected by the issue.