Summary
Two vulnerabilities have been discovered in dokuwiki. Access control in the media manager was insufficiently restricted and authentication could be bypassed when using Active Directory for LDAP authentication.
Solution
For the stable distribution (wheezy), these problems have been fixed in version 0.0.20120125b-2+deb7u1.
For the unstable distribution (sid), these problems have been fixed in version 0.0.20140929.a-1.
We recommend that you upgrade your dokuwiki packages.
Insight
DokuWiki is a wiki mainly aimed at creating documentation of any kind.
It is targeted at developer teams, workgroups and small companies. It has a simple but powerful syntax which makes sure the datafiles remain readable outside the wiki and eases the creation of structured texts.
All data is stored in plain text files -- no database is required.
Affected
dokuwiki on Debian Linux
Detection
This check tests the installed software version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-8761, CVE-2014-8762, CVE-2014-8763, CVE-2014-8764 -
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
Related Vulnerabilities