|
|
Log in / Subscribe / Register

dokuwiki: access control circumvention

Package(s):dokuwiki CVE #(s):CVE-2015-2172
Created:March 6, 2015 Updated:March 27, 2015
Description:

From the Mageia advisory:

DokuWiki before 20140929c has a security issue in the ACL plugins remote API component. The plugin failed to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also had permissions to set up their own ACL rules and thus circumventing any existing rules.

Alerts:
Mandriva MDVSA-2015:185 dokuwiki 2015-03-31
Fedora FEDORA-2015-3079 dokuwiki 2015-03-26
Fedora FEDORA-2015-3186 dokuwiki 2015-03-26
Fedora FEDORA-2015-3211 dokuwiki 2015-03-26
Mageia MGASA-2015-0093 dokuwiki 2015-03-05
to post comments


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds