|Platform||Affects all platforms supported by the vulnerable versions.|
|Description||Permissions Escalation. Users can create new collaborative feeds in no area without awaiting approval, as long as they have global permissions to create collaborative feeds.|
|Discovered||September 11, 2019|
|Resolved||October 12, 2019|
|Patches Available||4.1.0 Beta 4|
|Workaround||Update global permissions so that users need moderator approval to create new collaborative feeds, if that should be required when not created in any area.|
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Although this behavior exists in 4.0.x versions, it is only considered an escalation in 4.1.x, since 4.1.0 Alpha 1 introduced the ability to set custom permissions for content not contained in a area.