CVE-2016-10026

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2016-10026

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-10026.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2016-10026

Related

Published

2017-02-13T18:59:00Z

Modified

2024-09-11T02:00:05Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made.

References

Affected packages

Debian:11 / ikiwiki

Package

Name: ikiwiki
Purl: pkg:deb/debian/ikiwiki?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.20161219

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ikiwiki

Package

Name: ikiwiki
Purl: pkg:deb/debian/ikiwiki?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.20161219

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ikiwiki

Package

Name: ikiwiki
Purl: pkg:deb/debian/ikiwiki?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.20161219

Ecosystem specific

{
    "urgency": "not yet assigned"
}