CVE-2015-2172
First published: Mon Mar 30 2015(Updated: )
DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Dokuwiki Dokuwiki | >=2014-05-05<2014-05-05d | |
| Dokuwiki Dokuwiki | >=2014-09-29<2014-09-29c |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://advisories.mageia.org/MGASA-2015-0093.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152994.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153062.html
- http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153266.html
- http://www.openwall.com/lists/oss-security/2015/03/02/2
- http://www.securityfocus.com/bid/72827
- https://github.com/splitbrain/dokuwiki/commit/4970ad24ce49ec76a0ee67bca7594f918ced2f5f
- https://github.com/splitbrain/dokuwiki/issues/1056
- https://www.dokuwiki.org/changes
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/weakness
- agent/type
- agent/description
- agent/event
- agent/tags
- agent/first-publish-date
- agent/softwarecombine
- agent/last-modified-date
- collector/mitre-cve
- source/MITRE
- vendor/dokuwiki
- canonical/dokuwiki dokuwiki
- version/dokuwiki dokuwiki/2014-05-05
- version/dokuwiki dokuwiki/2014-09-29