The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.
Common Name None VWE-ID VWE-2020-5788 Related Report None Severity LOW Exploit Difficulty Difficult Platform Affects all platforms supported by the vulnerable versions. Description Permissions Escalation. A user can view soft-deleted attachment edits of wiki indexes that are attachments without permission to manage soft-deleted index-related content, as long as the user has global permissions to manage soft-deleted content. This is a rare situation involving imports from VaultWiki 3, where VaultWiki 3's index page had been set to a wiki attachment. Does not affect Lite versions.
Discovered April 7, 2020 Resolved May 7, 2020 Patches Available 4.1.0 RC 2 Patch Level 2
4.1.0 RC 1 Patch Level 3
4.0.28 Patch Level 3
4.0.27 Patch Level 6
4.0.26 Patch Level 8
This page has been seen 122,990 times.
-
-
Created by on
-