VWE-2021-6347 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2021-6347
This page is a chapter in Info Known Vulnerabilities

This page has been seen 123,409 times.

- Created by
  pegasus
  on December 1, 2021

Common Name None
VWE-ID VWE-2021-6347
Related Report #6276
Severity MEDIUM
Exploit Difficulty NORMAL
Platform Affects all platforms supported by the vulnerable versions.
Description Permissions Escalation. A user can circumvent the maximum allowed file size for an attachment by uploading a specially-crafted image file in excess of the maximum allowed dimensions. Does not affect Lite versions.

Discovered November 29, 2021
Resolved December 1, 2021
Patches Available 4.1.3 Patch Level 1
4.1.2 Patch Level 4
4.1.1 Patch Level 9
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Notes
Although the underlying issue affects all versions of the VaultWiki 4.x series, it can be exploited to greatest effect in 4.0.20 and higher, as well as in patches for VWE-2017-4030.

Common Name	None
VWE-ID	VWE-2021-6347
Related Report	#6276
Severity	MEDIUM
Exploit Difficulty	NORMAL
Platform	Affects all platforms supported by the vulnerable versions.
Description	Permissions Escalation. A user can circumvent the maximum allowed file size for an attachment by uploading a specially-crafted image file in excess of the maximum allowed dimensions. Does not affect Lite versions.
Discovered	November 29, 2021
Resolved	December 1, 2021
Patches Available	4.1.3 Patch Level 1 4.1.2 Patch Level 4 4.1.1 Patch Level 9