Lucene search

FreeBSD848539DC-0458-11DF-8DD7-002170DAAE37

HistoryJan 17, 2010 - 12:00 a.m.

dokuwiki -- multiple vulnerabilities

2010-01-1700:00:00

vuxml.freebsd.org

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.6%

JSON

Dokuwiki reports:

The plugin does no checks against cross-site request
forgeries (CSRF) which can be exploited to e.g. change
the access control rules by tricking a logged in
administrator into visiting a malicious web site.

The bug allows listing the names of arbitrary file on
the webserver - not their contents. This could leak
private information about wiki pages and server structure.

OSVersionArchitecturePackageVersionFilename
FreeBSDanynoarchdokuwiki< 20091225_2UNKNOWN

OS	Version	Architecture	Package	Version	Filename
FreeBSD	any	noarch	dokuwiki	< 20091225_2	UNKNOWN

References

bugs.splitbrain.org/index.php?do=details&task_id=1847

bugs.splitbrain.org/index.php?do=details&task_id=1853

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.015 Low

EPSS

Percentile

86.6%

JSON

Related for 848539DC-0458-11DF-8DD7-002170DAAE37