Dokuwiki ACL Failure Remote Function Access

2004-10-21T04:16:28
ID OSVDB:11005
Type osvdb
Reporter OSVDB
Modified 2004-10-21T04:16:28

Description

Vulnerability Description

Dokuwiki contains a flaw that may allow a malicious user to gain unauthorized access to certain functions. The issue is due to a failure of the access control list. It is possible that the flaw may allow unauthorized access to functions including recent changes, feed, search, and mediaselectiondialog, resulting in a loss of confidentiality and/or integrity.

Solution Description

Upgrade to version 2004-10-19 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://www.splitbrain.org/dokuwiki/index.php
Vendor Specific News/Changelog Entry: http://www.splitbrain.org/dokuwiki/wiki:changes
Security Tracker: 1011802
Related OSVDB ID: 11084
ISS X-Force ID: 17799
CVE-2004-2559