Advisories ยป MGASA-2015-0093

Updated dokuwiki packages fix CVE-2015-2172

Publication date: 05 Mar 2015
Type: security
Affected Mageia releases : 4
CVE: CVE-2015-2172


Updated dokuwiki package fixes security vulnerability:

DokuWiki before 20140929c has a security issue in the ACL plugins remote API
component. The plugin failed to check for superuser permissions before
executing ACL addition or deletion. This means everybody with permissions to
call the XMLRPC API also had permissions to set up their own ACL rules and thus
circumventing any existing rules (CVE-2015-2172).