CVE-2015-2172

Published: Mar 30, 2015

Modified: Aug 6, 2024

PUBLISHED

Description

DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/splitbrain/dokuwiki/issues/1056

x_refsource_CONFIRM

FEDORA-2015-3079

vendor-advisory

x_refsource_FEDORA

https://github.com/splitbrain/dokuwiki/commit/4970ad24ce49ec76a0ee67bca7594f918ced2f5f

x_refsource_CONFIRM

https://www.dokuwiki.org/changes

x_refsource_CONFIRM

72827

vdb-entry

x_refsource_BID

FEDORA-2015-3186

vendor-advisory

x_refsource_FEDORA

FEDORA-2015-3211

vendor-advisory

x_refsource_FEDORA

[oss-security] 20150301 Re: CVE request: DokuWiki privilege escalation in RPC API

mailing-list

x_refsource_MLIST

http://advisories.mageia.org/MGASA-2015-0093.html

x_refsource_CONFIRM

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2015-2172

Description

Affected Products

References