VWE-2019-5150 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2019-5150
This page is a chapter in Info Known Vulnerabilities

This page has been seen 180,040 times.

- Created by
  pegasus
  on May 2, 2019

Common Name None
VWE-ID VWE-2019-5150
Related Report None
Severity MEDIUM
Exploit Difficulty EASY
Platform Affects all platforms supported by the vulnerable versions.
Description Permissions Escalation. By guessing the correct editor URL, users can post new wiki content without proper permissions. The issue affects new content only; edits to existing content are unaffected.

Discovered March 28, 2019
Resolved May 2, 2019
Patches Available 4.1.0 Beta 1
Workaround In your Wiki Permissions, for each usergroup that should not permitted to create all content, update all permissions like "Are new [X] NOT moderated?" to NO. This will catch all new content in the moderation queue, including content created without permission.
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Common Name	None
VWE-ID	VWE-2019-5150
Related Report	None
Severity	MEDIUM
Exploit Difficulty	EASY
Platform	Affects all platforms supported by the vulnerable versions.
Description	Permissions Escalation. By guessing the correct editor URL, users can post new wiki content without proper permissions. The issue affects new content only; edits to existing content are unaffected.
Discovered	March 28, 2019
Resolved	May 2, 2019
Patches Available	4.1.0 Beta 1
Workaround	In your Wiki Permissions, for each usergroup that should not permitted to create all content, update all permissions like "Are new [X] NOT moderated?" to NO. This will catch all new content in the moderation queue, including content created without permission.