VWE-2018-4673 Printable Version
This page is a chapter in Info Known Vulnerabilities
This page has been seen 332,926 times.
-
-
Created by on
-
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name None VWE-ID VWE-2018-4673 Related Report None Severity HIGH Exploit Difficulty EASY Platform XenForo Description GDPR. Some data retention policies may be in conflict with VaultWiki's handling of IP addresses if those policies were written without consulting VaultWiki support.
Discovered October 6, 2018 Resolved October 8, 2018 Patches Available 4.0.24 Patch Level 1
4.0.23 Patch Level 3
4.0.22 Patch Level 5
4.0.21 Patch Level 6
4.0.20 Patch Level 9
Notes
This issue is resolved by making VaultWiki's IP retention more consistent with related XenForo admin options. After patching, IPs should be cleaned automatically at XenForo's next scheduled IP prune task.
This is not considered to be an issue for XenForo sites that have IP pruning disabled, nor for vBulletin sites which do not have an option to prune IPs; in these cases, VaultWiki assumes that IPs are retained indefinitely. However, you may way wish to review whether your site's privacy policy states this and update it as appropriate.
If you use a custom or third-party solution to clean IPs, especially for vBulletin sites, you should contact VaultWiki support for advice on how to include its data in your cleaner.