2023-04-24 12:24:31 +02:00
{
"id" : "CVE-2010-0288" ,
"sourceIdentifier" : "secalert@redhat.com" ,
"published" : "2010-02-15T18:30:00.643" ,
"lastModified" : "2019-09-23T18:13:13.707" ,
"vulnStatus" : "Modified" ,
2024-07-14 02:06:08 +00:00
"cveTags" : [ ] ,
2023-04-24 12:24:31 +02:00
"descriptions" : [
{
"lang" : "en" ,
"value" : "A typo in the administrator permission check in the ACL Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote attackers to gain privileges and access closed wikis by editing current ACL statements, as demonstrated in the wild in January 2010."
} ,
{
"lang" : "es" ,
"value" : "Una errata en el check del permiso de administrador del plugin ACL Manager (plugins/acl/ajax.php) de DokuWiki en versiones anteriores a la v2009-12-25b permite a atacantes remotos obtener privlegios y acceder a wikis cerrados editando las restricciones de ACL actuales, como se ha demostrado en Enero del 2010."
}
] ,
"metrics" : {
"cvssMetricV2" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"cvssData" : {
"version" : "2.0" ,
"vectorString" : "AV:N/AC:L/Au:N/C:P/I:P/A:P" ,
"accessVector" : "NETWORK" ,
"accessComplexity" : "LOW" ,
"authentication" : "NONE" ,
"confidentialityImpact" : "PARTIAL" ,
"integrityImpact" : "PARTIAL" ,
"availabilityImpact" : "PARTIAL" ,
"baseScore" : 7.5
} ,
"baseSeverity" : "HIGH" ,
"exploitabilityScore" : 10.0 ,
"impactScore" : 6.4 ,
"acInsufInfo" : false ,
"obtainAllPrivilege" : false ,
"obtainUserPrivilege" : false ,
"obtainOtherPrivilege" : false ,
"userInteractionRequired" : false
}
]
} ,
"weaknesses" : [
{
"source" : "nvd@nist.gov" ,
"type" : "Primary" ,
"description" : [
{
"lang" : "en" ,
"value" : "CWE-264"
}
]
}
] ,
"configurations" : [
{
"nodes" : [
{
"operator" : "OR" ,
"negate" : false ,
"cpeMatch" : [
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:*:*:*:*:*:*:*:*" ,
"versionEndIncluding" : "release_2009-02-14" ,
"matchCriteriaId" : "1BB16099-F617-464D-A7B8-5280103AEFF2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2004-07-04:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3ECA4630-84CE-4702-9009-FA5CFC68C920"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2004-07-07:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "68F931F1-FB7A-4A91-A49F-1DFABC46C43F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2004-07-12:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "181F97FD-C3E1-46D7-B39D-E6BC47D15CF2"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2004-07-21:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "13818642-7B0E-4E4B-9ED9-99FC9CFE23C1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2004-07-25:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5852CF41-7F0F-4E68-8C3A-0792EDE6A7CA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2004-08-08:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "1F5483FC-52E8-4683-8073-D8853B678A0D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2004-08-15a:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "14430A14-DB32-4EB1-871D-2910BB5E307D"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2004-08-22:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "17422BB4-CFCE-4993-81AC-3CABB4E51BEC"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2004-09-12:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3DFB7620-9965-476E-BFB3-0FF53D9CE742"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2004-09-25:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "48234DBF-8035-4D35-A6FC-1CF058F3B1FB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2004-09-30:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "C5D076EE-930B-41CA-A98E-80D39AFEA0B8"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2004-11-01:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5F4B5F1B-F24D-4353-BF11-9E4488828E54"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2004-11-02:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "480AA7CC-D8FA-45B9-A4CE-18D303913759"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2004-11-10:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "99EB6529-6662-4CA8-864C-EC1F40DBF8DA"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2005-01-14:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "B13CD41F-47CA-414E-B042-C496BA9BA0DF"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2005-01-15:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5CE6393E-B4E2-4E40-B152-EBB1A92AA07C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2005-01-16a:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AB8775A5-B0A3-4322-A6A6-B815444EA549"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2005-02-06:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FBAFFDD3-18D2-4055-A501-5A92225059DB"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2005-02-18:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "FD8C79FB-A755-4AC7-9491-E1D17BEE8726"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2005-05-07:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "65089ACF-324B-4F95-AAA5-ED596DD25FF1"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2005-07-01:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "AB2A5412-2F05-4F07-A082-2F57A0BEC50C"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2005-07-13:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "558BE818-E004-4F21-B49E-BD2FB6227C78"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2005-09-19:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "3434315F-BA84-418A-B76F-1B631451DCD6"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2005-09-22:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "5120DDA0-C1A0-4B7E-ACE8-EDB09391491A"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2006-03-05:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A75E526E-7BEB-4246-9865-DA46FEC6E66E"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2006-03-09:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "E29643D4-0746-435A-97B3-608BB831339F"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2006-03-09e:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "A3CC022B-60C2-43CE-89E2-A3D25F93D430"
} ,
{
"vulnerable" : true ,
"criteria" : "cpe:2.3:a:dokuwiki:dokuwiki:2006-06-04:*:*:*:*:*:*:*" ,
"matchCriteriaId" : "9C0406EF-FD61-4737-A091-D2199186D312"
}
]
}
]
}
] ,
"references" : [
{
"url" : "http://bugs.splitbrain.org/index.php?do=details&task_id=1847" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034729.html" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://lists.fedoraproject.org/pipermail/package-announce/2010-February/034831.html" ,
"source" : "secalert@redhat.com"
} ,
2024-04-04 08:46:00 +00:00
{
"url" : "http://osvdb.org/61710" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://secunia.com/advisories/38183" ,
"source" : "secalert@redhat.com" ,
"tags" : [
"Vendor Advisory"
]
} ,
2023-04-24 12:24:31 +02:00
{
"url" : "http://security.gentoo.org/glsa/glsa-201301-07.xml" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.debian.org/security/2010/dsa-1976" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.exploit-db.com/exploits/11141" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.securityfocus.com/bid/37820" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "http://www.vupen.com/english/advisories/2010/0150" ,
"source" : "secalert@redhat.com"
} ,
{
"url" : "https://exchange.xforce.ibmcloud.com/vulnerabilities/55661" ,
"source" : "secalert@redhat.com"
}
]
}
