The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name: None
VWE-ID: VWE-2018-4336
Related Report: #5338
Severity: MEDIUM
Exploit Difficulty: Difficult
Platform: Affects all platforms supported by the vulnerable versions.
Description: Permissions Escalation. It is theoretically possible to parse legacy wiki syntax that exists in an unprivileged context within a privileged context. However, an exploit would rely on also having third-party or custom BB-Codes that have been coded in a specific way; it is believed that no such BB-Codes currently exist. Under vBulletin, affects all versions of VaultWiki 2.x from 2.2.0, 3.x, and 4.x series. Under XenForo, affects all versions prior to 4.0.7, but patches for VWE-2015-1601 are not affected. Does not affect Lite versions.
Discovered: January 14, 2018
Resolved: February 8, 2018
Patches Available:
    4.0.20 Patch Level 3
    4.0.19 Patch Level 6
    4.0.18 Patch Level 7
    4.0.17 Patch Level 9
Workaround: In Settings > Options > VaultWiki: Miscellaneous, disable Legacy Syntax support.