VWE-2021-6347 Viewing Source [template]Vulnerability | aka= | severity=Medium | difficulty=Normal | description=Permissions Escalation. A user can circumvent the maximum allowed file size for an attachment by uploading a specially-crafted image file in excess of the maximum allowed dimensions. | platform= | lite=no | issueid=6276 | discover-date=November 29, 2021 | patch-date=December 1, 2021 | patches=4.1.3 Patch Level 1 4.1.2 Patch Level 4 4.1.1 Patch Level 9 | workaround= [/template] [h=3]Notes[/h] Although the underlying issue affects all versions of the VaultWiki 4.x series, it can be exploited to greatest effect in 4.0.20 and higher, as well as in patches for [wiki]VWE-2017-4030[/wiki]. 688 characters