CVE-2015-2172

DokuWiki before 2014-05-05d and before 2014-09-29c does not properly check permissions for the ACL plugins, which allows remote authenticated users to gain privileges and add or delete ACL rules via a request to the XMLRPC API.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 81%
VendorProductVersion
dokuwikidokuwiki
2014-05-05 ≤
𝑥
< 2014-05-05d
dokuwikidokuwiki
2014-09-29 ≤
𝑥
< 2014-09-29c
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dokuwiki
bullseye
0.0.20180422.a-2.1
fixed
squeeze
not-affected
wheezy
not-affected
bookworm
0.0.20220731.a-2
fixed
sid
0.0.20220731.a-3
fixed
trixie
0.0.20220731.a-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dokuwiki
disco
not-affected
cosmic
not-affected
bionic
not-affected
artful
not-affected
zesty
not-affected
yakkety
not-affected
xenial
not-affected
wily
ignored
vivid
ignored
utopic
ignored
trusty
dne
precise
ignored
lucid
ignored
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2015-0093.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152994.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153062.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153266.html
http://www.openwall.com/lists/oss-security/2015/03/02/2
http://www.securityfocus.com/bid/72827
https://github.com/splitbrain/dokuwiki/commit/4970ad24ce49ec76a0ee67bca7594f918ced2f5f
https://github.com/splitbrain/dokuwiki/issues/1056
https://www.dokuwiki.org/changes
http://advisories.mageia.org/MGASA-2015-0093.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/152994.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153062.html
http://lists.fedoraproject.org/pipermail/package-announce/2015-March/153266.html
http://www.openwall.com/lists/oss-security/2015/03/02/2
http://www.securityfocus.com/bid/72827
https://github.com/splitbrain/dokuwiki/commit/4970ad24ce49ec76a0ee67bca7594f918ced2f5f
https://github.com/splitbrain/dokuwiki/issues/1056
https://www.dokuwiki.org/changes