VWE-2018-4630 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2018-4630
This page is a chapter in Info Known Vulnerabilities

This page has been seen 206,566 times.

- Created by
  pegasus
  on August 27, 2018

Common Name None
VWE-ID VWE-2018-4630
Related Report None
Severity LOW
Exploit Difficulty EASY
Platform Affects all platforms supported by the vulnerable versions.
Description Permissions Escalation. If a user has permission to view a wiki node, that user can view an RSS feed which contains a list of its contents, even though the user does not have permission to view a list of the node's contents.

Discovered August 22, 2018
Resolved August 27, 2018
Patches Available 4.0.23 Patch Level 2
4.0.22 Patch Level 4
4.0.21 Patch Level 5
4.0.20 Patch Level 8
4.0.19 Patch Level 11
Workaround In Settings > VaultWiki: Miscellaneous, set Enable External Feeds = No.
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Common Name	None
VWE-ID	VWE-2018-4630
Related Report	None
Severity	LOW
Exploit Difficulty	EASY
Platform	Affects all platforms supported by the vulnerable versions.
Description	Permissions Escalation. If a user has permission to view a wiki node, that user can view an RSS feed which contains a list of its contents, even though the user does not have permission to view a list of the node's contents.
Discovered	August 22, 2018
Resolved	August 27, 2018
Patches Available	4.0.23 Patch Level 2 4.0.22 Patch Level 4 4.0.21 Patch Level 5 4.0.20 Patch Level 8 4.0.19 Patch Level 11
Workaround	In Settings > VaultWiki: Miscellaneous, set Enable External Feeds = No.