ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made.
References
Link | Resource |
---|---|
http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/ | Issue Tracking Vendor Advisory |
http://www.debian.org/security/2017/dsa-3760 | |
http://www.openwall.com/lists/oss-security/2016/12/21/3 | Mailing List Third Party Advisory |
http://www.openwall.com/lists/oss-security/2016/12/29/3 | Mailing List Third Party Advisory |
https://ikiwiki.info/security/#index46h2 | Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-02-13T18:00:00
Updated: 2017-11-03T18:57:01
Reserved: 2016-12-21T00:00:00
Link: CVE-2016-10026
JSON object: View
NVD Information
Status : Modified
Published: 2017-02-13T18:59:00.363
Modified: 2017-11-04T01:29:15.163
Link: CVE-2016-10026
JSON object: View
Redhat Information
No data.
CWE