| Vulnerability Name: | CVE-2015-2172 (CCN-101254) | ||||||||||||||||||||||||||||||||||||||||
| Assigned: | 2015-03-02 | ||||||||||||||||||||||||||||||||||||||||
| Published: | 2015-03-02 | ||||||||||||||||||||||||||||||||||||||||
| Updated: | 2019-02-05 | ||||||||||||||||||||||||||||||||||||||||
| Summary: | DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API. | ||||||||||||||||||||||||||||||||||||||||
| CVSS v3 Severity: | 7.3 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
| ||||||||||||||||||||||||||||||||||||||||
| CVSS v2 Severity: | 6.5 Medium (CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P) 4.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P/E:U/RL:OF/RC:C)
5.5 Medium (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||||||||||
| Vulnerability Type: | CWE-284 | ||||||||||||||||||||||||||||||||||||||||
| Vulnerability Consequences: | Gain Privileges | ||||||||||||||||||||||||||||||||||||||||
| References: | Source: CONFIRM Type: Third Party Advisory http://advisories.mageia.org/MGASA-2015-0093.html Source: MITRE Type: CNA CVE-2015-2172 Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2015-3211 Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2015-3186 Source: FEDORA Type: Mailing List, Third Party Advisory FEDORA-2015-3079 Source: CCN Type: oss-security Mailing List, Mon, 02 Mar 2015 03:34:49 +0100 CVE request: DokuWiki privilege escalation in RPC API Source: CCN Type: oss-security Mailing List, Sun, 1 Mar 2015 23:09:32 -0500 (EST) Re: CVE request: DokuWiki privilege escalation in RPC API Source: CCN Type: DokuWiki Web Site DokuWiki Source: MLIST Type: Mailing List, Third Party Advisory [oss-security] 20150301 Re: CVE request: DokuWiki privilege escalation in RPC API Source: BID Type: Third Party Advisory, VDB Entry 72827 Source: CCN Type: BID-72827 DokuWiki 'remote.php' Remote Privilege Escalation Vulnerability Source: XF Type: UNKNOWN dokuwiki-cve20152172-priv-esc(101254) Source: CONFIRM Type: Third Party Advisory https://github.com/splitbrain/dokuwiki/commit/4970ad24ce49ec76a0ee67bca7594f918ced2f5f Source: CONFIRM Type: Third Party Advisory https://github.com/splitbrain/dokuwiki/issues/1056 Source: CONFIRM Type: Vendor Advisory https://www.dokuwiki.org/changes Source: CCN Type: WhiteSource Vulnerability Database CVE-2015-2172 | ||||||||||||||||||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||||||||||||||||||