Lucene search

Gentoo FoundationMGASA-2015-0093

HistoryMar 05, 2015 - 10:34 p.m.

Updated dokuwiki packages fix CVE-2015-2172

2015-03-0522:34:09

Gentoo Foundation

advisories.mageia.org

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

83.8%

JSON

Updated dokuwiki package fixes security vulnerability: DokuWiki before 20140929c has a security issue in the ACL plugins remote API component. The plugin failed to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also had permissions to set up their own ACL rules and thus circumventing any existing rules (CVE-2015-2172).

OSVersionArchitecturePackageVersionFilename
Mageia4noarchdokuwiki< 20140929-1.3dokuwiki-20140929-1.3.mga4

OS	Version	Architecture	Package	Version	Filename
Mageia	4	noarch	dokuwiki	< 20140929-1.3	dokuwiki-20140929-1.3.mga4

References

bugs.mageia.org/show_bug.cgi?id=15402

github.com/splitbrain/dokuwiki/issues/1056

www.dokuwiki.org/changes#release_2014-09-29c_hrun

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.011 Low

EPSS

Percentile

83.8%

JSON

Related for MGASA-2015-0093