MGASA-2014-0438

Source
https://advisories.mageia.org/MGASA-2014-0438.html
Import Source
https://advisories.mageia.org/MGASA-2014-0438.json
JSON Data
https://api.test.osv.dev/v1/vulns/MGASA-2014-0438
Published
2014-10-31T15:53:38Z
Modified
2014-10-31T15:41:40Z
Summary
Updated dokuwiki packages fix security vulnerabilities
Details

inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call (CVE-2014-8761).

The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter (CVE-2014-8762).

DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind (CVE-2014-8763).

DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind (CVE-2014-8764).


Affected packages

Mageia:3 / dokuwiki

Package

Name
dokuwiki
Purl
pkg:rpm/mageia/dokuwiki?distro=mageia-3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20140929-1.1.mga3

Ecosystem specific

{
    "section": "core"
}

Mageia:4 / dokuwiki

Package

Name
dokuwiki
Purl
pkg:rpm/mageia/dokuwiki?distro=mageia-4

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
20140929-1.1.mga4

Ecosystem specific

{
    "section": "core"
}