MEDIUM · 6.5

CVE-2015-2172


Vulnerability Description

DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API.

CVSS Score

Base score: 6.5 (MEDIUM)
Vector: AV:N/AC:L/Au:S/C:P/I:P/A:P
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL

Affected Products

Vendor: Dokuwiki
Product: Dokuwiki
Versions: >= 2014-05-05, < 2014-05-05d

Related Weaknesses (CWE)

References

FAQ

What is CVE-2015-2172?

CVE-2015-2172 is a vulnerability with a CVSS score of 6.5 (MEDIUM). DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API.

How severe is CVE-2015-2172?

CVE-2015-2172 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2015-2172?

Check the references section above for vendor advisories and patch information. Affected products include: Dokuwiki Dokuwiki.