VWE-2022-6458 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2022-6458
This page is a chapter in Info Known Vulnerabilities

This page has been seen 202,619 times.

- Created by
  pegasus
  on March 4, 2024

Common Name None
VWE-ID VWE-2022-6458
Related Report None
Severity MEDIUM
Exploit Difficulty NORMAL
Platform Affects all platforms supported by the vulnerable versions.
Description Permissions Escalation. A user can change tags for a wiki page even though they don't have permissions to tag that page, as long as they know the URL for that page's tag editor and have permissions to change the page's categories.

Discovered August 9, 2022
Resolved September 9, 2022
Patches Available 4.1.5 Patch Level 2
4.1.4 Patch Level 4
4.1.3 Patch Level 6
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Notes
Prior to version 4.1.3, there was no separate permission for changing tags, so the behavior being patched was actually the expected behavior. Therefore, earlier versions are not considered vulnerable to this issue.

Common Name	None
VWE-ID	VWE-2022-6458
Related Report	None
Severity	MEDIUM
Exploit Difficulty	NORMAL
Platform	Affects all platforms supported by the vulnerable versions.
Description	Permissions Escalation. A user can change tags for a wiki page even though they don't have permissions to tag that page, as long as they know the URL for that page's tag editor and have permissions to change the page's categories.
Discovered	August 9, 2022
Resolved	September 9, 2022
Patches Available	4.1.5 Patch Level 2 4.1.4 Patch Level 4 4.1.3 Patch Level 6