VWE-2019-5016 Viewing Source [template]Vulnerability | cve= | aka= | severity=Medium | difficulty=Easy | description=Permissions Escalation. By guessing the correct editor URL, users can post new wiki content without proper permissions. The issue affects new content only; edits to existing content are unaffected. | platform= | lite= | issueid=5619 | discover-date=February 2, 2019 | patch-date=February 19, 2019 | patches=4.1.0 Alpha 2 4.0.25 Patch Level 1 4.0.24 Patch Level 3 4.0.23 Patch Level 5 4.0.22 Patch Level 7 4.0.21 Patch Level 8 | workaround=In your Wiki Permissions, for each usergroup that should not permitted to create all content, update all permissions like "Are new [X] NOT moderated?" to NO. This will catch all new content in the moderation queue, including content created without permission. [/template] [h=3]Notes[/h] Because it was possible to download pre-release versions of the February patches which were intended for testing purposes, your version number may incorrectly suggest that you are already patched against this issue. You should re-download and re-apply the patch if you believe that you may have downloaded it prior to February 20, 2019. 1,171 characters