MGASA-2015-0093

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2015-0093.html

Import Source

https://advisories.mageia.org/MGASA-2015-0093.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2015-0093

Related

CVE-2015-2172

Published

2015-03-05T19:34:09Z

Modified

2015-03-05T19:23:51Z

Summary

Updated dokuwiki packages fix CVE-2015-2172

Details

Updated dokuwiki package fixes security vulnerability:

DokuWiki before 20140929c has a security issue in the ACL plugins remote API component. The plugin failed to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also had permissions to set up their own ACL rules and thus circumventing any existing rules (CVE-2015-2172).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:4 / dokuwiki

Package

Name: dokuwiki
Purl: pkg:rpm/mageia/dokuwiki?distro=mageia-4

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

20140929-1.3.mga4

Ecosystem specific

{
    "section": "core"
}