VWE-2019-5361 Viewing Source [template]Vulnerability | cve= | aka= | severity=Medium | difficulty=Easy | description=Permissions Escalation. Users can create new collaborative feeds in no area without awaiting approval, as long as they have global permissions to create collaborative feeds. | platform= | lite= | issueid= | discover-date=September 11, 2019 | patch-date=October 12, 2019 | patches=4.1.0 Beta 4 | workaround=Update global permissions so that users need moderator approval to create new collaborative feeds, if that should be required when not created in any area. [/template] [h=3]Notes[/h] Although this behavior exists in 4.0.x versions, it is only considered an escalation in 4.1.x, since 4.1.0 Alpha 1 introduced the ability to set custom permissions for content not contained in a area. 792 characters