Search criteria
54 vulnerabilities found for ikiwiki by ikiwiki
FKIE_CVE-2015-2793
Vulnerability from fkie_nvd - Published: 2019-11-21 20:15 - Updated: 2024-11-21 02:28
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ikiwiki | ikiwiki | * | |
| fedoraproject | fedora | 20 | |
| fedoraproject | fedora | 21 | |
| fedoraproject | fedora | 22 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D7637F73-A417-4C09-B373-422C1EB21C8D",
"versionEndExcluding": "3.20150329",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*",
"matchCriteriaId": "FF47C9F0-D8DA-4B55-89EB-9B2C9383ADB9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*",
"matchCriteriaId": "56BDB5A0-0839-4A20-A003-B8CD56F48171",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*",
"matchCriteriaId": "253C303A-E577-4488-93E6-68A8DD942C38",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en el archivo templates/openid-selector.tmpl en ikiwiki versiones anteriores a 3.20150329, permite a atacantes remotos inyectar script web o HTML arbitrario por medio del par\u00e1metro openid_identifier en una acci\u00f3n de comprobaci\u00f3n para el archivo ikiwiki.cgi."
}
],
"id": "CVE-2015-2793",
"lastModified": "2024-11-21T02:28:05.393",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-11-21T20:15:15.553",
"references": [
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.html"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157023.html"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157025.html"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2015/03/30/5"
},
{
"source": "security@debian.org",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2015/03/31/1"
},
{
"source": "security@debian.org",
"url": "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=18dfba868fe2fb9c64706b2123eb0b3a3ce66a77"
},
{
"source": "security@debian.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483"
},
{
"source": "security@debian.org",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207210"
},
{
"source": "security@debian.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://ikiwiki.info/bugs/XSS_Alert...__33____33____33__/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157023.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157025.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2015/03/30/5"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Patch",
"Third Party Advisory"
],
"url": "http://openwall.com/lists/oss-security/2015/03/31/1"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=18dfba868fe2fb9c64706b2123eb0b3a3ce66a77"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207210"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://ikiwiki.info/bugs/XSS_Alert...__33____33____33__/"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2010-1673
Vulnerability from fkie_nvd - Published: 2019-10-30 23:15 - Updated: 2024-11-21 01:14
Severity ?
Summary
A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://ikiwiki.info/security/#index37h2 | Vendor Advisory | |
| cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2010-1673 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ikiwiki.info/security/#index37h2 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2010-1673 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1482113C-43F0-49BF-BE54-BF18EBE2EC26",
"versionEndExcluding": "3.20101112",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo cross-site scripting (XSS) en ikiwiki versiones anteriores a 3.20101112, permite a atacantes remotos inyectar script web o HTML arbitrario por medio de un comentario."
}
],
"id": "CVE-2010-1673",
"lastModified": "2024-11-21T01:14:57.887",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-30T23:15:10.157",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://ikiwiki.info/security/#index37h2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-1673"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://ikiwiki.info/security/#index37h2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-1673"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-1408
Vulnerability from fkie_nvd - Published: 2019-10-29 20:15 - Updated: 2024-11-21 01:26
Severity ?
Summary
ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://ikiwiki.info/security/#index40h2 | Third Party Advisory | |
| cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2011-1408 | Third Party Advisory | |
| cve@mitre.org | https://snyk.io/vuln/SNYK-LINUX-IKIWIKI-133098 | Third Party Advisory | |
| cve@mitre.org | https://www.tenable.com/plugins/nessus/55157 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ikiwiki.info/security/#index40h2 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2011-1408 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://snyk.io/vuln/SNYK-LINUX-IKIWIKI-133098 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.tenable.com/plugins/nessus/55157 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ikiwiki | ikiwiki | * | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "66A1C117-1CF4-4D9F-B19C-CCD95077E6C8",
"versionEndExcluding": "3.20110608",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ikiwiki before 3.20110608 allows remote attackers to hijack root\u0027s tty and run symlink attacks."
},
{
"lang": "es",
"value": "ikiwiki versiones anteriores a 3.20110608, permite a atacantes remotos secuestrar tty de root y ejecutar ataques de tipo symlink."
}
],
"id": "CVE-2011-1408",
"lastModified": "2024-11-21T01:26:14.843",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 6.4,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 8.2,
"baseSeverity": "HIGH",
"confidentialityImpact": "LOW",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 4.2,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-29T20:15:10.617",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://ikiwiki.info/security/#index40h2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-1408"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-LINUX-IKIWIKI-133098"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/plugins/nessus/55157"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ikiwiki.info/security/#index40h2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-1408"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://snyk.io/vuln/SNYK-LINUX-IKIWIKI-133098"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.tenable.com/plugins/nessus/55157"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-59"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-0428
Vulnerability from fkie_nvd - Published: 2019-10-29 19:15 - Updated: 2024-11-21 01:23
Severity ?
Summary
Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments.
References
| URL | Tags | ||
|---|---|---|---|
| cve@mitre.org | https://ikiwiki.info/security/#index38h2 | Third Party Advisory | |
| cve@mitre.org | https://security-tracker.debian.org/tracker/CVE-2011-0428 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ikiwiki.info/security/#index38h2 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2011-0428 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "1FC641FA-8487-4289-8FD7-0C5E9914D99D",
"versionEndExcluding": "3.20110122",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments."
},
{
"lang": "es",
"value": "Una vulnerabilidad de tipo Cross Site Scripting (XSS) en ikiwiki versiones anteriores a 3.20110122, podr\u00eda permitir a atacantes remotos insertar JavaScript arbitrario debido a una comprobaci\u00f3n insuficiente en los comentarios."
}
],
"id": "CVE-2011-0428",
"lastModified": "2024-11-21T01:23:56.877",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-10-29T19:15:12.780",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://ikiwiki.info/security/#index38h2"
},
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-0428"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://ikiwiki.info/security/#index38h2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-0428"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2019-9187
Vulnerability from fkie_nvd - Published: 2019-06-05 18:29 - Updated: 2024-11-21 04:51
Severity ?
Summary
ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F5820F84-9B21-40D2-815C-881BE8DABCE1",
"versionEndExcluding": "3.20170111.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "B21D0888-267E-4FC9-B609-A988D73C1F0A",
"versionEndExcluding": "3.20190226",
"versionStartIncluding": "3.20190207",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20180105:*:*:*:*:*:*:*",
"matchCriteriaId": "B95F227E-BF5E-4221-9D74-0A5B4B123CE1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20180228:*:*:*:*:*:*:*",
"matchCriteriaId": "602AC6B3-B133-4C14-B39F-78E5D26B939D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20180311:*:*:*:*:*:*:*",
"matchCriteriaId": "2D298889-62C1-4C38-A175-140D051E1A09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs."
},
{
"lang": "es",
"value": "ikiwiki anterior a versi\u00f3n 3.20170111.1 y versi\u00f3n 3.2018x y versi\u00f3n 3.2019x anterior a 3.20190228, permite SSRF por medio del plugin aggregate. El impacto tambi\u00e9n incluye la lectura de archivos locales por medio de archivos: URIs."
}
],
"id": "CVE-2019-9187",
"lastModified": "2024-11-21T04:51:10.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2019-06-05T18:29:01.183",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://ikiwiki.info/news/"
},
{
"source": "cve@mitre.org",
"url": "https://ikiwiki.info/news/version_3.20190228/"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://ikiwiki.info/news/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://ikiwiki.info/news/version_3.20190228/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-918"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-0356
Vulnerability from fkie_nvd - Published: 2018-04-13 15:29 - Updated: 2024-11-21 03:02
Severity ?
Summary
A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters.
References
| URL | Tags | ||
|---|---|---|---|
| security@debian.org | http://www.securityfocus.com/bid/95420 | Third Party Advisory, VDB Entry | |
| security@debian.org | https://ikiwiki.info/security/#cve-2017-0356 | Vendor Advisory | |
| security@debian.org | https://marc.info/?l=oss-security&m=148418234314276&w=2 | Exploit, Third Party Advisory | |
| security@debian.org | https://www.debian.org/security/2017/dsa-3760 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.securityfocus.com/bid/95420 | Third Party Advisory, VDB Entry | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ikiwiki.info/security/#cve-2017-0356 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://marc.info/?l=oss-security&m=148418234314276&w=2 | Exploit, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-3760 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ikiwiki | ikiwiki | * | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "2D8DC37A-4530-4DCB-AD78-45C4D020D3BE",
"versionEndExcluding": "3.20170111",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin\u0027s use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters."
},
{
"lang": "es",
"value": "Existe un error similar a CVE-2016-9646 en ikiwiki, en versiones anteriores a la 3.20170111, en el uso del plugin passwordauth de CGI::FormBuilder. Esto permite que un atacante omita la autenticaci\u00f3n mediante par\u00e1metros repetidos."
}
],
"id": "CVE-2017-0356",
"lastModified": "2024-11-21T03:02:49.507",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-13T15:29:00.273",
"references": [
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95420"
},
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "https://ikiwiki.info/security/#cve-2017-0356"
},
{
"source": "security@debian.org",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://marc.info/?l=oss-security\u0026m=148418234314276\u0026w=2"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory",
"VDB Entry"
],
"url": "http://www.securityfocus.com/bid/95420"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://ikiwiki.info/security/#cve-2017-0356"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Third Party Advisory"
],
"url": "https://marc.info/?l=oss-security\u0026m=148418234314276\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3760"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-9646
Vulnerability from fkie_nvd - Published: 2018-04-13 15:29 - Updated: 2024-11-21 03:01
Severity ?
Summary
ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.
References
| URL | Tags | ||
|---|---|---|---|
| security@debian.org | https://ikiwiki.info/security/#cve-2016-9646 | Vendor Advisory | |
| security@debian.org | https://marc.info/?l=oss-security&m=148304341511854&w=2 | Third Party Advisory | |
| security@debian.org | https://security-tracker.debian.org/tracker/CVE-2016-9646 | Issue Tracking, Third Party Advisory | |
| security@debian.org | https://www.debian.org/security/2017/dsa-3760 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ikiwiki.info/security/#cve-2016-9646 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://marc.info/?l=oss-security&m=148304341511854&w=2 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2016-9646 | Issue Tracking, Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://www.debian.org/security/2017/dsa-3760 | Third Party Advisory |
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ikiwiki | ikiwiki | * | |
| debian | debian_linux | 7.0 | |
| debian | debian_linux | 8.0 | |
| debian | debian_linux | 9.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "D184243F-E174-4371-ABAE-460777B3CE19",
"versionEndExcluding": "3.20161229",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder-\u003efield method (similar to the CGI-\u003eparam API that led to Bugzilla\u0027s CVE-2014-1572), which can be abused to lead to commit metadata forgery."
},
{
"lang": "es",
"value": "ikiwiki, en versiones anteriores a la 3.20161229, llam\u00f3 incorrectamente al m\u00e9todo CGI::FormBuilder-\u003efield (similar a la API CGI-\u003eparam que desemboc\u00f3 en el CVE-2014-1572 de Bugzilla), que puede aprovecharse para falsificar metadatos del commit."
}
],
"id": "CVE-2016-9646",
"lastModified": "2024-11-21T03:01:34.190",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 1.4,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-13T15:29:00.210",
"references": [
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "https://ikiwiki.info/security/#cve-2016-9646"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2"
},
{
"source": "security@debian.org",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2016-9646"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://ikiwiki.info/security/#cve-2016-9646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2016-9646"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2017/dsa-3760"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-287"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-9645
Vulnerability from fkie_nvd - Published: 2018-04-10 22:29 - Updated: 2024-11-21 03:01
Severity ?
Summary
The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229.
References
| URL | Tags | ||
|---|---|---|---|
| security@debian.org | https://ikiwiki.info/security/#cve-2016-9645 | Vendor Advisory | |
| security@debian.org | https://marc.info/?l=oss-security&m=148304341511854&w=2 | Third Party Advisory | |
| security@debian.org | https://security-tracker.debian.org/tracker/CVE-2016-9645 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://ikiwiki.info/security/#cve-2016-9645 | Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://marc.info/?l=oss-security&m=148304341511854&w=2 | Third Party Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | https://security-tracker.debian.org/tracker/CVE-2016-9645 | Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9DD21DAE-CF4C-4D5D-B9D9-53CA09C4CDDD",
"versionEndExcluding": "2.8",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229."
},
{
"lang": "es",
"value": "La soluci\u00f3n para ikiwiki para CVE-2016-10026 era incompleta, lo que resulta en la omisi\u00f3n de las restricciones de edici\u00f3n para git revert al emplear las versiones de git inferiores a la 2.8.0. Esto se ha solucionado en 3.20161229."
}
],
"id": "CVE-2016-9645",
"lastModified": "2024-11-21T03:01:34.070",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "SINGLE",
"availabilityImpact": "NONE",
"baseScore": 4.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2018-04-10T22:29:00.243",
"references": [
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "https://ikiwiki.info/security/#cve-2016-9645"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2"
},
{
"source": "security@debian.org",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2016-9645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://ikiwiki.info/security/#cve-2016-9645"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2016-9645"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-10026
Vulnerability from fkie_nvd - Published: 2017-02-13 18:59 - Updated: 2025-04-20 01:37
Severity ?
Summary
ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ikiwiki:ikiwiki:3.20161219:*:*:*:*:*:*:*",
"matchCriteriaId": "3356F821-E0C4-45AB-AAB8-C371F71F1D04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made."
},
{
"lang": "es",
"value": "ikiwiki 3.20161219 no verifica adecuadamente si una revisi\u00f3n cambia los permisos de acceso para una p\u00e1gina en sitios con los plugins git y recentchanges y la interfaz CGI habilitados, lo que permite a atacantes remotos revertir ciertos cambios aprovechando permisos para cambiar la p\u00e1gina antes de que sea hecha la revisi\u00f3n."
}
],
"id": "CVE-2016-10026",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-02-13T18:59:00.363",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2017/dsa-3760"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/21/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/29/3"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "https://ikiwiki.info/security/#index46h2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Vendor Advisory"
],
"url": "http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2017/dsa-3760"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/21/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/29/3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "https://ikiwiki.info/security/#index46h2"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-284"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2016-4561
Vulnerability from fkie_nvd - Published: 2016-05-10 19:59 - Updated: 2025-04-12 10:46
Severity ?
Summary
Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| ikiwiki | ikiwiki | * | |
| debian | debian_linux | 8.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:ikiwiki:ikiwiki:*:*:*:*:*:*:*:*",
"matchCriteriaId": "8F8F89FC-3CF4-40DA-933B-4D0C3A1F2253",
"versionEndIncluding": "3.20160121",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*",
"matchCriteriaId": "C11E6FB0-C8C0-4527-9AA0-CB9B316F8F43",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message."
},
{
"lang": "es",
"value": "Vulnerabilidad de XSS en la funci\u00f3n cgierror en CGI.pm en ikiwiki en versiones anteriores a 3.20160506 podr\u00eda permitir a atacantes remotos inyectar secuencias de comandos web o HTML arbitrarios a trav\u00e9s de vectores no especificados que implican un mensaje de error."
}
],
"id": "CVE-2016-4561",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
"version": "3.0"
},
"exploitabilityScore": 2.8,
"impactScore": 2.7,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2016-05-10T19:59:04.307",
"references": [
{
"source": "security@debian.org",
"tags": [
"Vendor Advisory"
],
"url": "http://ikiwiki.info/security/#index43h2"
},
{
"source": "security@debian.org",
"url": "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=32ef584dc5abb6ddb9f794f94ea0b2934967bba7"
},
{
"source": "security@debian.org",
"url": "http://www.debian.org/security/2016/dsa-3571"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://ikiwiki.info/security/#index43h2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=32ef584dc5abb6ddb9f794f94ea0b2934967bba7"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2016/dsa-3571"
}
],
"sourceIdentifier": "security@debian.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2015-2793 (GCVE-0-2015-2793)
Vulnerability from cvelistv5 – Published: 2019-11-21 19:48 – Updated: 2024-08-06 05:24
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:24:39.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157025.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157023.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ikiwiki.info/bugs/XSS_Alert...__33____33____33__/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207210"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=18dfba868fe2fb9c64706b2123eb0b3a3ce66a77"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2015/03/30/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2015/03/31/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ikiwiki",
"vendor": "ikiwiki",
"versions": [
{
"status": "affected",
"version": "before 3.20150329"
}
]
}
],
"datePublic": "2015-03-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-21T19:48:14",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157025.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157023.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ikiwiki.info/bugs/XSS_Alert...__33____33____33__/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207210"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=18dfba868fe2fb9c64706b2123eb0b3a3ce66a77"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2015/03/30/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2015/03/31/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-2793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ikiwiki",
"version": {
"version_data": [
{
"version_value": "before 3.20150329"
}
]
}
}
]
},
"vendor_name": "ikiwiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157025.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157025.html"
},
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.html"
},
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157023.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157023.html"
},
{
"name": "https://ikiwiki.info/bugs/XSS_Alert...__33____33____33__/",
"refsource": "MISC",
"url": "https://ikiwiki.info/bugs/XSS_Alert...__33____33____33__/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1207210",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207210"
},
{
"name": "http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=18dfba868fe2fb9c64706b2123eb0b3a3ce66a77",
"refsource": "MISC",
"url": "http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=18dfba868fe2fb9c64706b2123eb0b3a3ce66a77"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483"
},
{
"name": "http://openwall.com/lists/oss-security/2015/03/30/5",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2015/03/30/5"
},
{
"name": "http://openwall.com/lists/oss-security/2015/03/31/1",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2015/03/31/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-2793",
"datePublished": "2019-11-21T19:48:14",
"dateReserved": "2015-03-30T00:00:00",
"dateUpdated": "2024-08-06T05:24:39.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1673 (GCVE-0-2010-1673)
Vulnerability from cvelistv5 – Published: 2019-10-30 22:56 – Updated: 2024-08-07 01:35
VLAI?
Summary
A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-1673"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://ikiwiki.info/security/#index37h2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-30T22:56:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-1673"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://ikiwiki.info/security/#index37h2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-1673",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-1673"
},
{
"name": "https://ikiwiki.info/security/#index37h2",
"refsource": "CONFIRM",
"url": "https://ikiwiki.info/security/#index37h2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1673",
"datePublished": "2019-10-30T22:56:21",
"dateReserved": "2010-04-30T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1408 (GCVE-0-2011-1408)
Vulnerability from cvelistv5 – Published: 2019-10-29 19:51 – Updated: 2024-08-06 22:28
VLAI?
Summary
ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:40.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-1408"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-LINUX-IKIWIKI-133098"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://ikiwiki.info/security/#index40h2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/plugins/nessus/55157"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ikiwiki before 3.20110608 allows remote attackers to hijack root\u0027s tty and run symlink attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-29T19:51:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-1408"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-LINUX-IKIWIKI-133098"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://ikiwiki.info/security/#index40h2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/plugins/nessus/55157"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ikiwiki before 3.20110608 allows remote attackers to hijack root\u0027s tty and run symlink attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-1408",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-1408"
},
{
"name": "https://snyk.io/vuln/SNYK-LINUX-IKIWIKI-133098",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-LINUX-IKIWIKI-133098"
},
{
"name": "https://ikiwiki.info/security/#index40h2",
"refsource": "CONFIRM",
"url": "https://ikiwiki.info/security/#index40h2"
},
{
"name": "https://www.tenable.com/plugins/nessus/55157",
"refsource": "MISC",
"url": "https://www.tenable.com/plugins/nessus/55157"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1408",
"datePublished": "2019-10-29T19:51:39",
"dateReserved": "2011-03-10T00:00:00",
"dateUpdated": "2024-08-06T22:28:40.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0428 (GCVE-0-2011-0428)
Vulnerability from cvelistv5 – Published: 2019-10-29 17:28 – Updated: 2024-08-06 21:51
VLAI?
Summary
Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:08.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-0428"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://ikiwiki.info/security/#index38h2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-29T17:28:37",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-0428"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://ikiwiki.info/security/#index38h2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-0428",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-0428"
},
{
"name": "https://ikiwiki.info/security/#index38h2",
"refsource": "CONFIRM",
"url": "https://ikiwiki.info/security/#index38h2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0428",
"datePublished": "2019-10-29T17:28:37",
"dateReserved": "2011-01-12T00:00:00",
"dateUpdated": "2024-08-06T21:51:08.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9187 (GCVE-0-2019-9187)
Vulnerability from cvelistv5 – Published: 2019-06-05 17:55 – Updated: 2024-08-04 21:38
VLAI?
Summary
ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:38:46.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20190318 [SECURITY] [DLA 1716-1] ikiwiki security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ikiwiki.info/news/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://ikiwiki.info/news/version_3.20190228/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-17T19:49:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20190318 [SECURITY] [DLA 1716-1] ikiwiki security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ikiwiki.info/news/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://ikiwiki.info/news/version_3.20190228/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20190318 [SECURITY] [DLA 1716-1] ikiwiki security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html"
},
{
"name": "https://ikiwiki.info/news/",
"refsource": "MISC",
"url": "https://ikiwiki.info/news/"
},
{
"name": "https://ikiwiki.info/news/version_3.20190228/",
"refsource": "CONFIRM",
"url": "https://ikiwiki.info/news/version_3.20190228/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9187",
"datePublished": "2019-06-05T17:55:37",
"dateReserved": "2019-02-26T00:00:00",
"dateUpdated": "2024-08-04T21:38:46.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9646 (GCVE-0-2016-9646)
Vulnerability from cvelistv5 – Published: 2018-04-13 15:00 – Updated: 2024-09-16 16:53
VLAI?
Title
Commit metadata forgery via CGI::FormBuilder context-dependent APIs
Summary
ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.
Severity ?
No CVSS data available.
CWE
- commit metadata forgery
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:02.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3760",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3760"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2016-9646"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://ikiwiki.info/security/#cve-2016-9646"
},
{
"name": "[oss-security] 20161229 ikiwiki: CVE-2016-9645 (incomplete fix for CVE-2016-10026), CVE-2016-9646 (commit metadata forgery)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ikiwiki",
"vendor": "ikiwiki",
"versions": [
{
"status": "affected",
"version": "before 3.20161229"
}
]
}
],
"datePublic": "2016-12-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder-\u003efield method (similar to the CGI-\u003eparam API that led to Bugzilla\u0027s CVE-2014-1572), which can be abused to lead to commit metadata forgery."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "commit metadata forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-13T14:57:02",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-3760",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3760"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2016-9646"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://ikiwiki.info/security/#cve-2016-9646"
},
{
"name": "[oss-security] 20161229 ikiwiki: CVE-2016-9645 (incomplete fix for CVE-2016-10026), CVE-2016-9646 (commit metadata forgery)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2"
}
],
"source": {
"advisory": "https://ikiwiki.info/security/#cve-2016-9646",
"discovery": "UNKNOWN"
},
"title": "Commit metadata forgery via CGI::FormBuilder context-dependent APIs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"DATE_PUBLIC": "2016-12-29T19:29:00.000Z",
"ID": "CVE-2016-9646",
"STATE": "PUBLIC",
"TITLE": "Commit metadata forgery via CGI::FormBuilder context-dependent APIs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ikiwiki",
"version": {
"version_data": [
{
"version_value": "before 3.20161229"
}
]
}
}
]
},
"vendor_name": "ikiwiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder-\u003efield method (similar to the CGI-\u003eparam API that led to Bugzilla\u0027s CVE-2014-1572), which can be abused to lead to commit metadata forgery."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "commit metadata forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3760",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3760"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2016-9646",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2016-9646"
},
{
"name": "https://ikiwiki.info/security/#cve-2016-9646",
"refsource": "CONFIRM",
"url": "https://ikiwiki.info/security/#cve-2016-9646"
},
{
"name": "[oss-security] 20161229 ikiwiki: CVE-2016-9645 (incomplete fix for CVE-2016-10026), CVE-2016-9646 (commit metadata forgery)",
"refsource": "MLIST",
"url": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2"
}
]
},
"source": {
"advisory": "https://ikiwiki.info/security/#cve-2016-9646",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-9646",
"datePublished": "2018-04-13T15:00:00Z",
"dateReserved": "2016-11-29T00:00:00",
"dateUpdated": "2024-09-16T16:53:21.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0356 (GCVE-0-2017-0356)
Vulnerability from cvelistv5 – Published: 2018-04-13 15:00 – Updated: 2024-09-17 02:51
VLAI?
Title
Authentication bypass via repeated parameters
Summary
A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters.
Severity ?
No CVSS data available.
CWE
- authentication bypass
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:03:56.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3760",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3760"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://ikiwiki.info/security/#cve-2017-0356"
},
{
"name": "[oss-security] 20170112 ikiwiki: CVE-2017-0356: Authentication bypass via repeated parameters",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://marc.info/?l=oss-security\u0026m=148418234314276\u0026w=2"
},
{
"name": "95420",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95420"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ikiwiki",
"vendor": "ikiwiki",
"versions": [
{
"status": "affected",
"version": "before 3.20170111"
}
]
}
],
"datePublic": "2017-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin\u0027s use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-14T09:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-3760",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3760"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://ikiwiki.info/security/#cve-2017-0356"
},
{
"name": "[oss-security] 20170112 ikiwiki: CVE-2017-0356: Authentication bypass via repeated parameters",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://marc.info/?l=oss-security\u0026m=148418234314276\u0026w=2"
},
{
"name": "95420",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95420"
}
],
"source": {
"advisory": "https://ikiwiki.info/security/#cve-2017-0356",
"discovery": "UNKNOWN"
},
"title": "Authentication bypass via repeated parameters",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"DATE_PUBLIC": "2017-01-11T23:51:00.000Z",
"ID": "CVE-2017-0356",
"STATE": "PUBLIC",
"TITLE": "Authentication bypass via repeated parameters"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ikiwiki",
"version": {
"version_data": [
{
"version_value": "before 3.20170111"
}
]
}
}
]
},
"vendor_name": "ikiwiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin\u0027s use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3760",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3760"
},
{
"name": "https://ikiwiki.info/security/#cve-2017-0356",
"refsource": "CONFIRM",
"url": "https://ikiwiki.info/security/#cve-2017-0356"
},
{
"name": "[oss-security] 20170112 ikiwiki: CVE-2017-0356: Authentication bypass via repeated parameters",
"refsource": "MLIST",
"url": "https://marc.info/?l=oss-security\u0026m=148418234314276\u0026w=2"
},
{
"name": "95420",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95420"
}
]
},
"source": {
"advisory": "https://ikiwiki.info/security/#cve-2017-0356",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2017-0356",
"datePublished": "2018-04-13T15:00:00Z",
"dateReserved": "2016-11-29T00:00:00",
"dateUpdated": "2024-09-17T02:51:42.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9645 (GCVE-0-2016-9645)
Vulnerability from cvelistv5 – Published: 2018-04-10 22:00 – Updated: 2024-09-16 17:03
VLAI?
Title
Editing restriction bypass for git revert
Summary
The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229.
Severity ?
No CVSS data available.
CWE
- restriction bypass
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2016-9645"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ikiwiki.info/security/#cve-2016-9645"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ikiwiki",
"vendor": "ikiwiki",
"versions": [
{
"status": "affected",
"version": "3.20161229 and prior"
}
]
}
],
"datePublic": "2016-12-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "restriction bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-10T21:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2016-9645"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ikiwiki.info/security/#cve-2016-9645"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2"
}
],
"source": {
"advisory": "https://ikiwiki.info/security/#cve-2016-9645",
"discovery": "UNKNOWN"
},
"title": "Editing restriction bypass for git revert",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"DATE_PUBLIC": "2016-12-28T23:00:00.000Z",
"ID": "CVE-2016-9645",
"STATE": "PUBLIC",
"TITLE": "Editing restriction bypass for git revert"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ikiwiki",
"version": {
"version_data": [
{
"version_value": "3.20161229 and prior"
}
]
}
}
]
},
"vendor_name": "ikiwiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "restriction bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2016-9645",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2016-9645"
},
{
"name": "https://ikiwiki.info/security/#cve-2016-9645",
"refsource": "MISC",
"url": "https://ikiwiki.info/security/#cve-2016-9645"
},
{
"name": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2",
"refsource": "MISC",
"url": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2"
}
]
},
"source": {
"advisory": "https://ikiwiki.info/security/#cve-2016-9645",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-9645",
"datePublished": "2018-04-10T22:00:00Z",
"dateReserved": "2016-11-29T00:00:00",
"dateUpdated": "2024-09-16T17:03:23.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10026 (GCVE-0-2016-10026)
Vulnerability from cvelistv5 – Published: 2017-02-13 18:00 – Updated: 2024-08-06 03:07
VLAI?
Summary
ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://ikiwiki.info/security/#index46h2"
},
{
"name": "DSA-3760",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3760"
},
{
"name": "[oss-security] 20161221 Re: CVE request: ikiwiki: authorization bypass when reverting changes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/21/3"
},
{
"name": "[oss-security] 20161229 ikiwiki: CVE-2016-9645 (incomplete fix for CVE-2016-10026), CVE-2016-9646 (commit metadata forgery)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/29/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://ikiwiki.info/security/#index46h2"
},
{
"name": "DSA-3760",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3760"
},
{
"name": "[oss-security] 20161221 Re: CVE request: ikiwiki: authorization bypass when reverting changes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/21/3"
},
{
"name": "[oss-security] 20161229 ikiwiki: CVE-2016-9645 (incomplete fix for CVE-2016-10026), CVE-2016-9646 (commit metadata forgery)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/29/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/",
"refsource": "CONFIRM",
"url": "http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/"
},
{
"name": "https://ikiwiki.info/security/#index46h2",
"refsource": "CONFIRM",
"url": "https://ikiwiki.info/security/#index46h2"
},
{
"name": "DSA-3760",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3760"
},
{
"name": "[oss-security] 20161221 Re: CVE request: ikiwiki: authorization bypass when reverting changes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/21/3"
},
{
"name": "[oss-security] 20161229 ikiwiki: CVE-2016-9645 (incomplete fix for CVE-2016-10026), CVE-2016-9646 (commit metadata forgery)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/29/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10026",
"datePublished": "2017-02-13T18:00:00",
"dateReserved": "2016-12-21T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4561 (GCVE-0-2016-4561)
Vulnerability from cvelistv5 – Published: 2016-05-10 19:00 – Updated: 2024-08-06 00:32
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.840Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=32ef584dc5abb6ddb9f794f94ea0b2934967bba7"
},
{
"name": "DSA-3571",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3571"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ikiwiki.info/security/#index43h2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-05-10T18:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=32ef584dc5abb6ddb9f794f94ea0b2934967bba7"
},
{
"name": "DSA-3571",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3571"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ikiwiki.info/security/#index43h2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-4561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=32ef584dc5abb6ddb9f794f94ea0b2934967bba7",
"refsource": "CONFIRM",
"url": "http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=32ef584dc5abb6ddb9f794f94ea0b2934967bba7"
},
{
"name": "DSA-3571",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3571"
},
{
"name": "http://ikiwiki.info/security/#index43h2",
"refsource": "CONFIRM",
"url": "http://ikiwiki.info/security/#index43h2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-4561",
"datePublished": "2016-05-10T19:00:00",
"dateReserved": "2016-05-06T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-2793 (GCVE-0-2015-2793)
Vulnerability from nvd – Published: 2019-11-21 19:48 – Updated: 2024-08-06 05:24
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi.
Severity ?
No CVSS data available.
CWE
- Cross-Site Scripting
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T05:24:39.090Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157025.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157023.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ikiwiki.info/bugs/XSS_Alert...__33____33____33__/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207210"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=18dfba868fe2fb9c64706b2123eb0b3a3ce66a77"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2015/03/30/5"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2015/03/31/1"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ikiwiki",
"vendor": "ikiwiki",
"versions": [
{
"status": "affected",
"version": "before 3.20150329"
}
]
}
],
"datePublic": "2015-03-30T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "Cross-Site Scripting",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-11-21T19:48:14",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157025.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157023.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ikiwiki.info/bugs/XSS_Alert...__33____33____33__/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207210"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=18dfba868fe2fb9c64706b2123eb0b3a3ce66a77"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2015/03/30/5"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://openwall.com/lists/oss-security/2015/03/31/1"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2015-2793",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ikiwiki",
"version": {
"version_data": [
{
"version_value": "before 3.20150329"
}
]
}
}
]
},
"vendor_name": "ikiwiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in templates/openid-selector.tmpl in ikiwiki before 3.20150329 allows remote attackers to inject arbitrary web script or HTML via the openid_identifier parameter in a verify action to ikiwiki.cgi."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "Cross-Site Scripting"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157025.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157025.html"
},
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157001.html"
},
{
"name": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157023.html",
"refsource": "MISC",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-May/157023.html"
},
{
"name": "https://ikiwiki.info/bugs/XSS_Alert...__33____33____33__/",
"refsource": "MISC",
"url": "https://ikiwiki.info/bugs/XSS_Alert...__33____33____33__/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1207210",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1207210"
},
{
"name": "http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=18dfba868fe2fb9c64706b2123eb0b3a3ce66a77",
"refsource": "MISC",
"url": "http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=18dfba868fe2fb9c64706b2123eb0b3a3ce66a77"
},
{
"name": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483",
"refsource": "MISC",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=781483"
},
{
"name": "http://openwall.com/lists/oss-security/2015/03/30/5",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2015/03/30/5"
},
{
"name": "http://openwall.com/lists/oss-security/2015/03/31/1",
"refsource": "MISC",
"url": "http://openwall.com/lists/oss-security/2015/03/31/1"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2015-2793",
"datePublished": "2019-11-21T19:48:14",
"dateReserved": "2015-03-30T00:00:00",
"dateUpdated": "2024-08-06T05:24:39.090Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-1673 (GCVE-0-2010-1673)
Vulnerability from nvd – Published: 2019-10-30 22:56 – Updated: 2024-08-07 01:35
VLAI?
Summary
A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T01:35:53.640Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-1673"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://ikiwiki.info/security/#index37h2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-11-12T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-30T22:56:21",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2010-1673"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://ikiwiki.info/security/#index37h2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-1673",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A cross-site scripting (XSS) vulnerability in ikiwiki before 3.20101112 allows remote attackers to inject arbitrary web script or HTML via a comment."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2010-1673",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2010-1673"
},
{
"name": "https://ikiwiki.info/security/#index37h2",
"refsource": "CONFIRM",
"url": "https://ikiwiki.info/security/#index37h2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-1673",
"datePublished": "2019-10-30T22:56:21",
"dateReserved": "2010-04-30T00:00:00",
"dateUpdated": "2024-08-07T01:35:53.640Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-1408 (GCVE-0-2011-1408)
Vulnerability from nvd – Published: 2019-10-29 19:51 – Updated: 2024-08-06 22:28
VLAI?
Summary
ikiwiki before 3.20110608 allows remote attackers to hijack root's tty and run symlink attacks.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T22:28:40.899Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-1408"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://snyk.io/vuln/SNYK-LINUX-IKIWIKI-133098"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://ikiwiki.info/security/#index40h2"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.tenable.com/plugins/nessus/55157"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-06-15T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ikiwiki before 3.20110608 allows remote attackers to hijack root\u0027s tty and run symlink attacks."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-29T19:51:39",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-1408"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://snyk.io/vuln/SNYK-LINUX-IKIWIKI-133098"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://ikiwiki.info/security/#index40h2"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.tenable.com/plugins/nessus/55157"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-1408",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ikiwiki before 3.20110608 allows remote attackers to hijack root\u0027s tty and run symlink attacks."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-1408",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-1408"
},
{
"name": "https://snyk.io/vuln/SNYK-LINUX-IKIWIKI-133098",
"refsource": "MISC",
"url": "https://snyk.io/vuln/SNYK-LINUX-IKIWIKI-133098"
},
{
"name": "https://ikiwiki.info/security/#index40h2",
"refsource": "CONFIRM",
"url": "https://ikiwiki.info/security/#index40h2"
},
{
"name": "https://www.tenable.com/plugins/nessus/55157",
"refsource": "MISC",
"url": "https://www.tenable.com/plugins/nessus/55157"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-1408",
"datePublished": "2019-10-29T19:51:39",
"dateReserved": "2011-03-10T00:00:00",
"dateUpdated": "2024-08-06T22:28:40.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-0428 (GCVE-0-2011-0428)
Vulnerability from nvd – Published: 2019-10-29 17:28 – Updated: 2024-08-06 21:51
VLAI?
Summary
Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T21:51:08.932Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-0428"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://ikiwiki.info/security/#index38h2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-01-22T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-10-29T17:28:37",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2011-0428"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://ikiwiki.info/security/#index38h2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2011-0428",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross Site Scripting (XSS) in ikiwiki before 3.20110122 could allow remote attackers to insert arbitrary JavaScript due to insufficient checking in comments."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2011-0428",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2011-0428"
},
{
"name": "https://ikiwiki.info/security/#index38h2",
"refsource": "CONFIRM",
"url": "https://ikiwiki.info/security/#index38h2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2011-0428",
"datePublished": "2019-10-29T17:28:37",
"dateReserved": "2011-01-12T00:00:00",
"dateUpdated": "2024-08-06T21:51:08.932Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2019-9187 (GCVE-0-2019-9187)
Vulnerability from nvd – Published: 2019-06-05 17:55 – Updated: 2024-08-04 21:38
VLAI?
Summary
ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T21:38:46.560Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20190318 [SECURITY] [DLA 1716-1] ikiwiki security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ikiwiki.info/news/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://ikiwiki.info/news/version_3.20190228/"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2019-07-17T19:49:41",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20190318 [SECURITY] [DLA 1716-1] ikiwiki security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ikiwiki.info/news/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://ikiwiki.info/news/version_3.20190228/"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2019-9187",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20190318 [SECURITY] [DLA 1716-1] ikiwiki security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2019/03/msg00018.html"
},
{
"name": "https://ikiwiki.info/news/",
"refsource": "MISC",
"url": "https://ikiwiki.info/news/"
},
{
"name": "https://ikiwiki.info/news/version_3.20190228/",
"refsource": "CONFIRM",
"url": "https://ikiwiki.info/news/version_3.20190228/"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2019-9187",
"datePublished": "2019-06-05T17:55:37",
"dateReserved": "2019-02-26T00:00:00",
"dateUpdated": "2024-08-04T21:38:46.560Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9646 (GCVE-0-2016-9646)
Vulnerability from nvd – Published: 2018-04-13 15:00 – Updated: 2024-09-16 16:53
VLAI?
Title
Commit metadata forgery via CGI::FormBuilder context-dependent APIs
Summary
ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery.
Severity ?
No CVSS data available.
CWE
- commit metadata forgery
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:02.301Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3760",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3760"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2016-9646"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://ikiwiki.info/security/#cve-2016-9646"
},
{
"name": "[oss-security] 20161229 ikiwiki: CVE-2016-9645 (incomplete fix for CVE-2016-10026), CVE-2016-9646 (commit metadata forgery)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ikiwiki",
"vendor": "ikiwiki",
"versions": [
{
"status": "affected",
"version": "before 3.20161229"
}
]
}
],
"datePublic": "2016-12-29T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder-\u003efield method (similar to the CGI-\u003eparam API that led to Bugzilla\u0027s CVE-2014-1572), which can be abused to lead to commit metadata forgery."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "commit metadata forgery",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-13T14:57:02",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-3760",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3760"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2016-9646"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://ikiwiki.info/security/#cve-2016-9646"
},
{
"name": "[oss-security] 20161229 ikiwiki: CVE-2016-9645 (incomplete fix for CVE-2016-10026), CVE-2016-9646 (commit metadata forgery)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2"
}
],
"source": {
"advisory": "https://ikiwiki.info/security/#cve-2016-9646",
"discovery": "UNKNOWN"
},
"title": "Commit metadata forgery via CGI::FormBuilder context-dependent APIs",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"DATE_PUBLIC": "2016-12-29T19:29:00.000Z",
"ID": "CVE-2016-9646",
"STATE": "PUBLIC",
"TITLE": "Commit metadata forgery via CGI::FormBuilder context-dependent APIs"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ikiwiki",
"version": {
"version_data": [
{
"version_value": "before 3.20161229"
}
]
}
}
]
},
"vendor_name": "ikiwiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder-\u003efield method (similar to the CGI-\u003eparam API that led to Bugzilla\u0027s CVE-2014-1572), which can be abused to lead to commit metadata forgery."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "commit metadata forgery"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3760",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3760"
},
{
"name": "https://security-tracker.debian.org/tracker/CVE-2016-9646",
"refsource": "CONFIRM",
"url": "https://security-tracker.debian.org/tracker/CVE-2016-9646"
},
{
"name": "https://ikiwiki.info/security/#cve-2016-9646",
"refsource": "CONFIRM",
"url": "https://ikiwiki.info/security/#cve-2016-9646"
},
{
"name": "[oss-security] 20161229 ikiwiki: CVE-2016-9645 (incomplete fix for CVE-2016-10026), CVE-2016-9646 (commit metadata forgery)",
"refsource": "MLIST",
"url": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2"
}
]
},
"source": {
"advisory": "https://ikiwiki.info/security/#cve-2016-9646",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-9646",
"datePublished": "2018-04-13T15:00:00Z",
"dateReserved": "2016-11-29T00:00:00",
"dateUpdated": "2024-09-16T16:53:21.398Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-0356 (GCVE-0-2017-0356)
Vulnerability from nvd – Published: 2018-04-13 15:00 – Updated: 2024-09-17 02:51
VLAI?
Title
Authentication bypass via repeated parameters
Summary
A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters.
Severity ?
No CVSS data available.
CWE
- authentication bypass
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T13:03:56.572Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "DSA-3760",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2017/dsa-3760"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://ikiwiki.info/security/#cve-2017-0356"
},
{
"name": "[oss-security] 20170112 ikiwiki: CVE-2017-0356: Authentication bypass via repeated parameters",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://marc.info/?l=oss-security\u0026m=148418234314276\u0026w=2"
},
{
"name": "95420",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/95420"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ikiwiki",
"vendor": "ikiwiki",
"versions": [
{
"status": "affected",
"version": "before 3.20170111"
}
]
}
],
"datePublic": "2017-01-11T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin\u0027s use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "authentication bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-14T09:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"name": "DSA-3760",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2017/dsa-3760"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://ikiwiki.info/security/#cve-2017-0356"
},
{
"name": "[oss-security] 20170112 ikiwiki: CVE-2017-0356: Authentication bypass via repeated parameters",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://marc.info/?l=oss-security\u0026m=148418234314276\u0026w=2"
},
{
"name": "95420",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/95420"
}
],
"source": {
"advisory": "https://ikiwiki.info/security/#cve-2017-0356",
"discovery": "UNKNOWN"
},
"title": "Authentication bypass via repeated parameters",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"DATE_PUBLIC": "2017-01-11T23:51:00.000Z",
"ID": "CVE-2017-0356",
"STATE": "PUBLIC",
"TITLE": "Authentication bypass via repeated parameters"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ikiwiki",
"version": {
"version_data": [
{
"version_value": "before 3.20170111"
}
]
}
}
]
},
"vendor_name": "ikiwiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw, similar to to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin\u0027s use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "authentication bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "DSA-3760",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2017/dsa-3760"
},
{
"name": "https://ikiwiki.info/security/#cve-2017-0356",
"refsource": "CONFIRM",
"url": "https://ikiwiki.info/security/#cve-2017-0356"
},
{
"name": "[oss-security] 20170112 ikiwiki: CVE-2017-0356: Authentication bypass via repeated parameters",
"refsource": "MLIST",
"url": "https://marc.info/?l=oss-security\u0026m=148418234314276\u0026w=2"
},
{
"name": "95420",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/95420"
}
]
},
"source": {
"advisory": "https://ikiwiki.info/security/#cve-2017-0356",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2017-0356",
"datePublished": "2018-04-13T15:00:00Z",
"dateReserved": "2016-11-29T00:00:00",
"dateUpdated": "2024-09-17T02:51:42.751Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-9645 (GCVE-0-2016-9645)
Vulnerability from nvd – Published: 2018-04-10 22:00 – Updated: 2024-09-16 17:03
VLAI?
Title
Editing restriction bypass for git revert
Summary
The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229.
Severity ?
No CVSS data available.
CWE
- restriction bypass
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T02:59:03.208Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2016-9645"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://ikiwiki.info/security/#cve-2016-9645"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "ikiwiki",
"vendor": "ikiwiki",
"versions": [
{
"status": "affected",
"version": "3.20161229 and prior"
}
]
}
],
"datePublic": "2016-12-28T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "restriction bypass",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-04-10T21:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://security-tracker.debian.org/tracker/CVE-2016-9645"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://ikiwiki.info/security/#cve-2016-9645"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2"
}
],
"source": {
"advisory": "https://ikiwiki.info/security/#cve-2016-9645",
"discovery": "UNKNOWN"
},
"title": "Editing restriction bypass for git revert",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"DATE_PUBLIC": "2016-12-28T23:00:00.000Z",
"ID": "CVE-2016-9645",
"STATE": "PUBLIC",
"TITLE": "Editing restriction bypass for git revert"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "ikiwiki",
"version": {
"version_data": [
{
"version_value": "3.20161229 and prior"
}
]
}
}
]
},
"vendor_name": "ikiwiki"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The fix for ikiwiki for CVE-2016-10026 was incomplete resulting in editing restriction bypass for git revert when using git versions older than 2.8.0. This has been fixed in 3.20161229."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "restriction bypass"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://security-tracker.debian.org/tracker/CVE-2016-9645",
"refsource": "MISC",
"url": "https://security-tracker.debian.org/tracker/CVE-2016-9645"
},
{
"name": "https://ikiwiki.info/security/#cve-2016-9645",
"refsource": "MISC",
"url": "https://ikiwiki.info/security/#cve-2016-9645"
},
{
"name": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2",
"refsource": "MISC",
"url": "https://marc.info/?l=oss-security\u0026m=148304341511854\u0026w=2"
}
]
},
"source": {
"advisory": "https://ikiwiki.info/security/#cve-2016-9645",
"discovery": "UNKNOWN"
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-9645",
"datePublished": "2018-04-10T22:00:00Z",
"dateReserved": "2016-11-29T00:00:00",
"dateUpdated": "2024-09-16T17:03:23.411Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-10026 (GCVE-0-2016-10026)
Vulnerability from nvd – Published: 2017-02-13 18:00 – Updated: 2024-08-06 03:07
VLAI?
Summary
ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T03:07:31.971Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://ikiwiki.info/security/#index46h2"
},
{
"name": "DSA-3760",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2017/dsa-3760"
},
{
"name": "[oss-security] 20161221 Re: CVE request: ikiwiki: authorization bypass when reverting changes",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/21/3"
},
{
"name": "[oss-security] 20161229 ikiwiki: CVE-2016-9645 (incomplete fix for CVE-2016-10026), CVE-2016-9646 (commit metadata forgery)",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/29/3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-12-17T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-11-03T18:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://ikiwiki.info/security/#index46h2"
},
{
"name": "DSA-3760",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2017/dsa-3760"
},
{
"name": "[oss-security] 20161221 Re: CVE request: ikiwiki: authorization bypass when reverting changes",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/21/3"
},
{
"name": "[oss-security] 20161229 ikiwiki: CVE-2016-9645 (incomplete fix for CVE-2016-10026), CVE-2016-9646 (commit metadata forgery)",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2016/12/29/3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2016-10026",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/",
"refsource": "CONFIRM",
"url": "http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed/"
},
{
"name": "https://ikiwiki.info/security/#index46h2",
"refsource": "CONFIRM",
"url": "https://ikiwiki.info/security/#index46h2"
},
{
"name": "DSA-3760",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2017/dsa-3760"
},
{
"name": "[oss-security] 20161221 Re: CVE request: ikiwiki: authorization bypass when reverting changes",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/21/3"
},
{
"name": "[oss-security] 20161229 ikiwiki: CVE-2016-9645 (incomplete fix for CVE-2016-10026), CVE-2016-9646 (commit metadata forgery)",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2016/12/29/3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2016-10026",
"datePublished": "2017-02-13T18:00:00",
"dateReserved": "2016-12-21T00:00:00",
"dateUpdated": "2024-08-06T03:07:31.971Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2016-4561 (GCVE-0-2016-4561)
Vulnerability from nvd – Published: 2016-05-10 19:00 – Updated: 2024-08-06 00:32
VLAI?
Summary
Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T00:32:25.840Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=32ef584dc5abb6ddb9f794f94ea0b2934967bba7"
},
{
"name": "DSA-3571",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2016/dsa-3571"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://ikiwiki.info/security/#index43h2"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2016-05-06T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-05-10T18:57:01",
"orgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"shortName": "debian"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://source.ikiwiki.branchable.com/?p=source.git%3Ba=commitdiff%3Bh=32ef584dc5abb6ddb9f794f94ea0b2934967bba7"
},
{
"name": "DSA-3571",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2016/dsa-3571"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://ikiwiki.info/security/#index43h2"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "security@debian.org",
"ID": "CVE-2016-4561",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in the cgierror function in CGI.pm in ikiwiki before 3.20160506 might allow remote attackers to inject arbitrary web script or HTML via unspecified vectors involving an error message."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=32ef584dc5abb6ddb9f794f94ea0b2934967bba7",
"refsource": "CONFIRM",
"url": "http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=32ef584dc5abb6ddb9f794f94ea0b2934967bba7"
},
{
"name": "DSA-3571",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2016/dsa-3571"
},
{
"name": "http://ikiwiki.info/security/#index43h2",
"refsource": "CONFIRM",
"url": "http://ikiwiki.info/security/#index43h2"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "79363d38-fa19-49d1-9214-5f28da3f3ac5",
"assignerShortName": "debian",
"cveId": "CVE-2016-4561",
"datePublished": "2016-05-10T19:00:00",
"dateReserved": "2016-05-06T00:00:00",
"dateUpdated": "2024-08-06T00:32:25.840Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}