A flaw, similar to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters.
Max CVSS: 9.8
EPSS Score: 1.69%
Published: 2018-04-13
Updated: 2018-05-18
ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to forge commit metadata.
Max CVSS: 5.3
EPSS Score: 0.21%
Published: 2018-04-13
Updated: 2018-05-18
The fix in ikiwiki for CVE-2016-10026 was incomplete, resulting in an editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229.
Max CVSS: 6.5
EPSS Score: 0.08%
Published: 2018-04-10
Updated: 2018-05-22
3 vulnerabilities found