VWE-2022-6458
Return to current revision
Current Revision
March 4, 2024, 10:48 AM
Differences in Content
-
[template]Vulnerability
| aka=
| severity=Medium
| difficulty=Normal
| description=Permissions Escalation. A user can change tags for a wiki page even though they don't have permissions to tag that page, as long as they know the URL for that page's tag editor and have permissions to change the page's categories.
| platform=
| lite=
| issueid= -
-
| discover-date=July 3, 2022
| patch-date=July 7, 2022 -
+
| discover-date=August 9, 2022
| patch-date=September 9, 2022 -
| patches=4.1.5 Patch Level 2
4.1.4 Patch Level 4 -
-
4.1.3 Patch Level 5 -
+
4.1.3 Patch Level 6 -
| workaround=
[/template]
[h=3]Notes[/h]
Prior to version 4.1.3, there was no separate permission for changing tags, so the behavior being patched was actually the expected behavior. Therefore, earlier versions are not considered vulnerable to this issue.