VWE-2021-6105 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2021-6105
This page is a chapter in Info Known Vulnerabilities

This page has been seen 179,960 times.

- Created by
  pegasus
  on October 17, 2021

Common Name None
VWE-ID VWE-2021-6105
Related Report None
Severity MEDIUM
Exploit Difficulty NORMAL
Platform Affects all platforms supported by the vulnerable versions.
Description Permissions Escalation. A user can associate wiki-based files to wiki attachments, even though those files were uploaded under a different context with different attachment permissions, or match an existing file that was uploaded by another user or under a different context with different attachment permissions. Does not affect Lite versions.

Discovered June 5, 2021
Resolved June 6, 2021
Patches Available 4.1.1 Patch Level 5
4.1.0 Patch Level 7
4.1.0 RC 3 Patch Level 9
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Common Name	None
VWE-ID	VWE-2021-6105
Related Report	None
Severity	MEDIUM
Exploit Difficulty	NORMAL
Platform	Affects all platforms supported by the vulnerable versions.
Description	Permissions Escalation. A user can associate wiki-based files to wiki attachments, even though those files were uploaded under a different context with different attachment permissions, or match an existing file that was uploaded by another user or under a different context with different attachment permissions. Does not affect Lite versions.
Discovered	June 5, 2021
Resolved	June 6, 2021
Patches Available	4.1.1 Patch Level 5 4.1.0 Patch Level 7 4.1.0 RC 3 Patch Level 9