CVE-2016-10026

Опубликовано: 13 фев. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made.

Ссылки

http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/
Issue Tracking
Vendor Advisory
http://www.debian.org/security/2017/dsa-3760
http://www.openwall.com/lists/oss-security/2016/12/21/3
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/12/29/3
Mailing List
Third Party Advisory
https://ikiwiki.info/security/#index46h2
Vendor Advisory
http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/
Issue Tracking
Vendor Advisory
http://www.debian.org/security/2017/dsa-3760
http://www.openwall.com/lists/oss-security/2016/12/21/3
Mailing List
Third Party Advisory
http://www.openwall.com/lists/oss-security/2016/12/29/3
Mailing List
Third Party Advisory
https://ikiwiki.info/security/#index46h2
Vendor Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:ikiwiki:ikiwiki:3.20161219:*:*:*:*:*:*:*

EPSS

Процентиль: 59%

0.00377

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-284

Связанные уязвимости

CVE-2016-10026

CVSS3: 7.5

ubuntu

почти 9 лет назад

CVE-2016-10026

CVSS3: 7.5

debian

почти 9 лет назад

ikiwiki 3.20161219 does not properly check if a revision changes the a ...

GHSA-r7m6-q359-fprm

CVSS3: 7.5

github

больше 3 лет назад

EPSS

Процентиль: 59%

0.00377

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-284