FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dokuwiki -- multiple vulnerabilities

Affected packages
dokuwiki < 20091225_2

Details

VuXML ID 848539dc-0458-11df-8dd7-002170daae37
Discovery 2010-01-17
Entry 2010-01-18
Modified 2010-05-02

Dokuwiki reports:

The plugin does no checks against cross-site request forgeries (CSRF) which can be exploited to e.g. change the access control rules by tricking a logged-in administrator into visiting a malicious web site.

The bug allows listing the names of arbitrary files on the webserver - not their contents. This could leak private information about wiki pages and server structure.

References

CVE Name CVE-2010-0287
CVE Name CVE-2010-0288
CVE Name CVE-2010-0289
URL http://bugs.splitbrain.org/index.php?do=details&task_id=1847
URL http://bugs.splitbrain.org/index.php?do=details&task_id=1853