CVE-2016-10026

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-10026
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2016-10026.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2016-10026
Related
Published
2017-02-13T18:59:00Z
Modified
2024-09-18T01:00:20Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made.

References

Affected packages

Debian:11 / ikiwiki

Package

Name
ikiwiki
Purl
pkg:deb/debian/ikiwiki?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.20161219

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ikiwiki

Package

Name
ikiwiki
Purl
pkg:deb/debian/ikiwiki?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.20161219

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ikiwiki

Package

Name
ikiwiki
Purl
pkg:deb/debian/ikiwiki?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.20161219

Ecosystem specific

{
    "urgency": "not yet assigned"
}