VWE-2017-4267
Return to current revision
Differences in Content
-
[template]Vulnerability
| cve=
| aka= -
+| issueid=5312
-
| severity=Low
| difficulty=Easy
| description=(Accidental) Permissions Escalation. Incorrect values in the "Not Set" column when customizing usergroup permissions for a specific area could lead an admin to grant more permissions than intended for that area. Affects XenForo only. Does not affect VaultWiki Lite.
| discover-date=November 9, 2017
| patch-date=December 1, 2017
| patches=4.0.20 Patch Level 1
4.0.19 Patch Level 4
4.0.18 Patch Level 5
4.0.17 Patch Level 7
4.0.16 Patch Level 8
4.0.15 Patch Level 12
| workaround=One might treat the "Not Set" values as unknown even if they are specified, in order to avoid acting on misleading information. Prior to 4.0.12, the "Not Set" column did not specify inherited values, so the misleading information did not exist.[/template]