VWE-2020-5789 Printable Version

https://www.vaultwiki.org/pages/Book/Documentation/VWE-2020-5789
This page is a chapter in Info Known Vulnerabilities

This page has been seen 72,426 times.

- Created by
  pegasus
  on October 15, 2021

Common Name None
VWE-ID VWE-2020-5789
Related Report None
Severity LOW
Exploit Difficulty Difficult
Platform vBulletin
Description Permissions Escalation. A user who is not a social group member can add or remove social group pages to wiki indexes that are social groups without permission to moderate index-related content, as long as the user has global permissions to moderate content. This is a rare situation involving imports from VaultWiki 3, where VaultWiki 3's index page had been set to a social group. Does not affect Lite versions.

Discovered April 7, 2020
Resolved May 7, 2020
Patches Available 4.1.0 RC 2 Patch Level 2
4.1.0 RC 1 Patch Level 3
4.0.28 Patch Level 3
4.0.27 Patch Level 6
4.0.26 Patch Level 8
The versions listed below are known to be affected by this issue. If you are using one of those versions, you should update to a newer release that has no known vulnerabilities.

Common Name	None
VWE-ID	VWE-2020-5789
Related Report	None
Severity	LOW
Exploit Difficulty	Difficult
Platform	vBulletin
Description	Permissions Escalation. A user who is not a social group member can add or remove social group pages to wiki indexes that are social groups without permission to moderate index-related content, as long as the user has global permissions to moderate content. This is a rare situation involving imports from VaultWiki 3, where VaultWiki 3's index page had been set to a social group. Does not affect Lite versions.
Discovered	April 7, 2020
Resolved	May 7, 2020
Patches Available	4.1.0 RC 2 Patch Level 2 4.1.0 RC 1 Patch Level 3 4.0.28 Patch Level 3 4.0.27 Patch Level 6 4.0.26 Patch Level 8