VWE-2019-5160
Return to current revision
Current Revision
June 3, 2019, 10:36 AM
Differences in Content
-
[template]Vulnerability
| cve=
| aka=
| severity=Low
| difficulty=Easy
| description=Permissions Escalation. A user can create, open, or close discussion topics on the index, as long as the user has global permissions to do the same.
| platform=
| lite=no
| issueid=
| discover-date=April 2, 2019
| patch-date=May 2, 2019
| patches=4.1.0 Beta 1
| workaround=
[/template] -
+[H=3]Notes[/h]
While the behavior exists in prior versions, it is only possible to set different permissions for the index node beginning with 4.1.0 Alpha 1. Therefore only versions that share both this ability and the unwanted behavior are considered vulnerable.