Ikiwiki Ikiwiki : Security vulnerabilities, CVEs Bypass published in 2018

Copy

CVE-2017-0356

A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters.

Max CVSS

9.8

EPSS Score

1.69%

Published

2018-04-13

Updated

2018-05-18

CVE-2016-9646

ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.

Max CVSS

5.3

EPSS Score

0.21%

Published

2018-04-13

Updated

2018-05-18

CVE-2016-9645

The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229.

Max CVSS

6.5

EPSS Score

0.08%

Published

2018-04-10

Updated

2018-05-22

3 vulnerabilities found

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!