The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name None VWE-ID VWE-2019-5361 Related Report None Severity MEDIUM Exploit Difficulty EASY Platform Affects all platforms supported by the vulnerable versions. Description Permissions Escalation. Users can create new collaborative feeds in no area without awaiting approval, as long as they have global permissions to create collaborative feeds.
Discovered September 11, 2019 Resolved October 12, 2019 Patches Available 4.1.0 Beta 4 Workaround Update global permissions so that users need moderator approval to create new collaborative feeds, if that should be required when not created in any area.
NotesAlthough this behavior exists in 4.0.x versions, it is only considered an escalation in 4.1.x, since 4.1.0 Alpha 1 introduced the ability to set custom permissions for content not contained in a area.
This page has been seen 620 times.