VWE-2019-5375 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2019-5375
This page is a chapter in Info Known Vulnerabilities

This page has been seen 197,900 times.

    • Created by on
Common NameNone
VWE-IDVWE-2019-5375
Related ReportNone
SeverityMEDIUM
Exploit DifficultyNORMAL
PlatformAffects all platforms supported by the vulnerable versions.
DescriptionPermissions Escalation. Users can rename any multi-typed attachment as long as they have permission to rename regular attachments, and can rename other types of pages as long as they have permission to rename regular pages. Does not affect Lite versions.
DiscoveredOctober 3, 2019
ResolvedOctober 12, 2019
Patches Available4.1.0 Beta 4
4.0.27 Patch Level 1
4.0.26 Patch Level 3
4.0.25 Patch Level 5
WorkaroundUpdate permissions so that users cannot rename regular attachments or regular pages, if they should not be allowed to rename certain multi-typed attachments or pages.
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.