VWE-2019-5361 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2019-5361
This page is a chapter in Info Known Vulnerabilities

This page has been seen 196,613 times.

    • Created by on
Common NameNone
VWE-IDVWE-2019-5361
Related ReportNone
SeverityMEDIUM
Exploit DifficultyEASY
PlatformAffects all platforms supported by the vulnerable versions.
DescriptionPermissions Escalation. Users can create new collaborative feeds in no area without awaiting approval, as long as they have global permissions to create collaborative feeds.
DiscoveredSeptember 11, 2019
ResolvedOctober 12, 2019
Patches Available4.1.0 Beta 4
WorkaroundUpdate global permissions so that users need moderator approval to create new collaborative feeds, if that should be required when not created in any area.
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Notes

Although this behavior exists in 4.0.x versions, it is only considered an escalation in 4.1.x, since 4.1.0 Alpha 1 introduced the ability to set custom permissions for content not contained in a area.