Vulnerability Name:

CVE-2010-0289 (CCN-56425)

Assigned:2010-01-14
Published:2010-01-14
Updated:2019-09-23
Summary:Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c allow remote attackers to hijack the authentication of administrators for requests that modify access control rules, and other unspecified requests, via unknown vectors.
CVSS v3 Severity:5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity:6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P)
5.9 Medium (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): Partial
Integrity (I): Partial
Availability (A): Partial
4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Medium
Authentication (Au): None
Impact Metrics:Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type:CWE-352
Vulnerability Consequences:Gain Access
References:Source: CONFIRM
Type: UNKNOWN
http://bugs.splitbrain.org/index.php?do=details&task_id=1853

Source: MITRE
Type: CNA
CVE-2010-0289

Source: CONFIRM
Type: UNKNOWN
http://freshmeat.net/projects/dokuwiki/tags/security-fix

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-0770

Source: FEDORA
Type: UNKNOWN
FEDORA-2010-0800

Source: OSVDB
Type: UNKNOWN
61708

Source: CCN
Type: SA38205
DokuWiki Cross-Site Request Forgery Vulnerability

Source: SECUNIA
Type: Vendor Advisory
38205

Source: GENTOO
Type: UNKNOWN
GLSA-201301-07

Source: DEBIAN
Type: UNKNOWN
DSA-1976

Source: DEBIAN
Type: DSA-1976
dokuwiki -- several vulnerabilities

Source: CCN
Type: OSVDB ID: 61708
DokuWiki plugins/acl/ajax.php Access Control Rule Manipulation CSRF

Source: CONFIRM
Type: UNKNOWN
http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security

Source: CCN
Type: DokuWiki Web site
DokuWiki

Source: XF
Type: UNKNOWN
dokuwiki-unspecified-csrf(56425)

Vulnerable Configuration:Configuration 1:
  • cpe:/a:dokuwiki:dokuwiki:2004-07-04:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-07-07:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-07-12:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-07-21:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-07-25:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-08-08:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-08-15a:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-08-22:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-09-12:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-09-25:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-09-30:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-11-01:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-11-02:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-11-10:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-01-14:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-01-15:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-01-16a:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-02-06:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-02-18:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-05-07:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-07-01:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-07-13:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-09-19:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-09-22:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2006-03-05:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2006-03-09:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2006-03-09e:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2006-06-04:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:* (Version <= release_2009-02-14)

Configuration CCN 1:
  • cpe:/a:dokuwiki:dokuwiki:2006-06-04:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2006-03-09e:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2006-03-09:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2006-03-05:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-09-22:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-09-19:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-07-13:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-07-01:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-05-07:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-02-18:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-02-06:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-01-16a:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-01-15:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2005-01-14:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-11-10:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-11-02:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-11-01:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-09-30:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-09-25:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-09-12:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-08-22:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-08-15a:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-08-08:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-07-25:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-07-21:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-07-12:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-07-07:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:2004-07-04:*:*:*:*:*:*:*
  • OR cpe:/a:dokuwiki:dokuwiki:release_2009-02-14:*:*:*:*:*:*:*
  • AND
  • cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

  • * Denotes that component is vulnerable
    Oval Definitions
    Definition ID | Class | Title | Last Modified
    oval:org.mitre.oval:def:20271 | P | DSA-1976-1 dokuwiki - several vulnerabilities | 2014-06-23
    oval:org.mitre.oval:def:6751 | P | DSA-1976 dokuwiki -- several vulnerabilities | 2014-06-23
    oval:com.ubuntu.artful:def:20100289000 | V | CVE-2010-0289 on Ubuntu 17.10 (artful) - medium. | 2010-02-15
    oval:com.ubuntu.xenial:def:20100289000 | V | CVE-2010-0289 on Ubuntu 16.04 LTS (xenial) - medium. | 2010-02-15
    oval:com.ubuntu.bionic:def:201002890000000 | V | CVE-2010-0289 on Ubuntu 18.04 LTS (bionic) - medium. | 2010-02-15
    oval:com.ubuntu.bionic:def:20100289000 | V | CVE-2010-0289 on Ubuntu 18.04 LTS (bionic) - medium. | 2010-02-15
    oval:com.ubuntu.xenial:def:201002890000000 | V | CVE-2010-0289 on Ubuntu 16.04 LTS (xenial) - medium. | 2010-02-15
    oval:com.ubuntu.precise:def:20100289000 | V | CVE-2010-0289 on Ubuntu 12.04 LTS (precise) - medium. | 2010-02-15
    oval:com.ubuntu.trusty:def:20100289000 | V | CVE-2010-0289 on Ubuntu 14.04 LTS (trusty) - medium. | 2010-02-15
    oval:org.debian:def:1976 | V | several vulnerabilities | 2010-01-22
    dokuwiki dokuwiki 2004-07-04
    dokuwiki dokuwiki 2004-07-07
    dokuwiki dokuwiki 2004-07-12
    dokuwiki dokuwiki 2004-07-21
    dokuwiki dokuwiki 2004-07-25
    dokuwiki dokuwiki 2004-08-08
    dokuwiki dokuwiki 2004-08-15a
    dokuwiki dokuwiki 2004-08-22
    dokuwiki dokuwiki 2004-09-12
    dokuwiki dokuwiki 2004-09-25
    dokuwiki dokuwiki 2004-09-30
    dokuwiki dokuwiki 2004-11-01
    dokuwiki dokuwiki 2004-11-02
    dokuwiki dokuwiki 2004-11-10
    dokuwiki dokuwiki 2005-01-14
    dokuwiki dokuwiki 2005-01-15
    dokuwiki dokuwiki 2005-01-16a
    dokuwiki dokuwiki 2005-02-06
    dokuwiki dokuwiki 2005-02-18
    dokuwiki dokuwiki 2005-05-07
    dokuwiki dokuwiki 2005-07-01
    dokuwiki dokuwiki 2005-07-13
    dokuwiki dokuwiki 2005-09-19
    dokuwiki dokuwiki 2005-09-22
    dokuwiki dokuwiki 2006-03-05
    dokuwiki dokuwiki 2006-03-09
    dokuwiki dokuwiki 2006-03-09e
    dokuwiki dokuwiki 2006-06-04
    dokuwiki dokuwiki *
    dokuwiki dokuwiki release_2006-06-04
    dokuwiki dokuwiki release_2006-03-09e
    dokuwiki dokuwiki release_2006-03-09
    dokuwiki dokuwiki release_2006-03-05
    dokuwiki dokuwiki release_2005-09-22
    dokuwiki dokuwiki release_2005-09-19
    dokuwiki dokuwiki release_2005-07-13
    dokuwiki dokuwiki release_2005-07-01
    dokuwiki dokuwiki release_2005-05-07
    dokuwiki dokuwiki release_2005-02-18
    dokuwiki dokuwiki release_2005-02-06
    dokuwiki dokuwiki release_2005-01-16a
    dokuwiki dokuwiki release_2005-01-15
    dokuwiki dokuwiki release_2005-01-14
    dokuwiki dokuwiki release_2004-11-10
    dokuwiki dokuwiki release_2004-11-02
    dokuwiki dokuwiki release_2004-11-01
    dokuwiki dokuwiki release_2004-09-30
    dokuwiki dokuwiki release_2004-09-25
    dokuwiki dokuwiki release_2004-09-12
    dokuwiki dokuwiki release_2004-08-22
    dokuwiki dokuwiki release_2004-08-15a
    dokuwiki dokuwiki release_2004-08-08
    dokuwiki dokuwiki release_2004-07-25
    dokuwiki dokuwiki release_2004-07-21
    dokuwiki dokuwiki release_2004-07-12
    dokuwiki dokuwiki release_2004-07-07
    dokuwiki dokuwiki release_2004-07-04
    dokuwiki dokuwiki release_2009-02-14
    debian debian linux 5.0