The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name None VWE-ID VWE-2018-4673 Related Report None Severity HIGH Exploit Difficulty EASY Platform XenForo Description GDPR. Some data retention policies may be in conflict with VaultWiki's handling of IP addresses if those policies were written without consulting VaultWiki support.
Discovered October 6, 2018 Resolved October 8, 2018 Patches Available 4.0.24 Patch Level 1
4.0.23 Patch Level 3
4.0.22 Patch Level 5
4.0.21 Patch Level 6
4.0.20 Patch Level 9
Workaround It is not possible to workaround this issue.
NotesThis issue is resolved by making VaultWiki's IP retention more consistent with related XenForo admin options. After patching, IPs should be cleaned automatically at XenForo's next scheduled IP prune task.
If you use a custom or third-party solution to clean IPs, especially for vBulletin sites, you should contact VaultWiki support for advice on how to include its data in your cleaner.
Categories: XSS:4.0.0 XSS:4.0.0 Beta 1 XSS:4.0.0 Beta 2 XSS:4.0.0 Beta 3 XSS:4.0.0 Beta 4 XSS:4.0.0 Beta 5 XSS:4.0.0 Beta 6 XSS:4.0.0 Beta 7 XSS:4.0.0 Gamma 1 XSS:4.0.0 Gamma 2 XSS:4.0.0 Gamma 3 XSS:4.0.0 Gamma 4 XSS:4.0.0 Gamma 5 XSS:4.0.0 Gamma 6 XSS:4.0.0 Gamma 7 XSS:4.0.0 Patch Level 1 XSS:4.0.0 Patch Level 2 XSS:4.0.0 Patch Level 3 XSS:4.0.0 Patch Level 4 XSS:4.0.0 Patch Level 5 XSS:4.0.0 Patch Level 6 XSS:4.0.0 Patch Level 7 XSS:4.0.0 Patch Level 8 XSS:4.0.0 Patch Level 9 XSS:4.0.0 RC 1 More…
This page has been seen 140 times.