QwikSec

Security Database

CVE

CWE

Training

CVE-2016-10026

Published: Feb 13, 2017

Modified: Aug 6, 2024

PUBLISHED

Description

ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/

x_refsource_CONFIRM

https://ikiwiki.info/security/#index46h2

x_refsource_CONFIRM

vendor-advisory

x_refsource_DEBIAN

[oss-security] 20161221 Re: CVE request: ikiwiki: authorization bypass when reverting changes

mailing-list

x_refsource_MLIST

[oss-security] 20161229 ikiwiki: CVE-2016-9645 (incomplete fix for CVE-2016-10026), CVE-2016-9646 (commit metadata forgery)

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.