VWE-2019-5150
Return to current revision
Current Revision
May 2, 2019, 1:55 PM
Differences in Content
-
[template]Vulnerability
| cve=
| aka=
| severity=Medium
| difficulty=Easy
| description=Permissions Escalation. By guessing the correct editor URL, users can post new wiki content without proper permissions. The issue affects new content only; edits to existing content are unaffected.
| platform=
| lite=
| issueid=
| discover-date=March 28, 2019
| patch-date=May 2, 2019 -
-
| patches=4.0.25 Patch Level 2
4.0.24 Patch Level 4
4.0.23 Patch Level 6
4.0.22 Patch Level 8 -
+
| patches=4.1.0 Beta 1 -
| workaround=In your Wiki Permissions, for each usergroup that should not permitted to create all content, update all permissions like "Are new [X] NOT moderated?" to NO. This will catch all new content in the moderation queue, including content created without permission.
[/template]