CVE-2004-2559 - OpenCVE

DokuWiki before 2004-10-19 allows remote attackers to access administrative functionality including (1) Mediaselectiondialog, (2) Recent changes, (3) feed, and (4) search, possibly due to the lack of ACL checks.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Andreas Gohr	Dokuwiki

Configuration 1 [-]

OR	cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-04:::::::*
	cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-07:::::::*
	cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-12:::::::*
	cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-21:::::::*
	cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-25:::::::*
	cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-08-08:::::::*
	cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-08-15a:::::::*
	cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-08-22:::::::*
	cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-09-12:::::::*
	cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-09-25:::::::*
	cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-09-30:::::::*

No data.

References

Link	Providers
http://securitytracker.com/id?1011802
http://wiki.splitbrain.org/wiki:old_changes
http://www.osvdb.org/11005
https://exchange.xforce.ibmcloud.com/vulnerabilities/17799

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2005-11-22T02:00:00

Updated: 2024-08-08T01:29:14.057Z

Reserved: 2005-11-22T00:00:00

Link: CVE-2004-2559

Vulnrichment

No data.

NVD

Status : Modified

Published: 2004-12-31T05:00:00.000

Modified: 2017-07-11T01:32:00.657

Link: CVE-2004-2559

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2004-10-19T00:00:00", "descriptions": [{"lang": "en", "value": "DokuWiki before 2004-10-19 allows remote attackers to access administrative functionality including (1) Mediaselectiondialog, (2) Recent changes, (3) feed, and (4) search, possibly due to the lack of ACL checks."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-07-10T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1011802", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1011802"}, {"name": "dokuwiki-acl-gain-access(17799)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17799"}, {"name": "11005", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/11005"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://wiki.splitbrain.org/wiki:old_changes"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2004-2559", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "DokuWiki before 2004-10-19 allows remote attackers to access administrative functionality including (1) Mediaselectiondialog, (2) Recent changes, (3) feed, and (4) search, possibly due to the lack of ACL checks."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1011802", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1011802"}, {"name": "dokuwiki-acl-gain-access(17799)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17799"}, {"name": "11005", "refsource": "OSVDB", "url": "http://www.osvdb.org/11005"}, {"name": "http://wiki.splitbrain.org/wiki:old_changes", "refsource": "CONFIRM", "url": "http://wiki.splitbrain.org/wiki:old_changes"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T01:29:14.057Z"}, "title": "CVE Program Container", "references": [{"name": "1011802", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1011802"}, {"name": "dokuwiki-acl-gain-access(17799)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17799"}, {"name": "11005", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/11005"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://wiki.splitbrain.org/wiki:old_changes"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2004-2559", "datePublished": "2005-11-22T02:00:00", "dateReserved": "2005-11-22T00:00:00", "dateUpdated": "2024-08-08T01:29:14.057Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-04:*:*:*:*:*:*:*", "matchCriteriaId": "7FFB3CD9-5B04-4200-87CF-F1B65902D0B0", "vulnerable": true}, {"criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-07:*:*:*:*:*:*:*", "matchCriteriaId": "84F5F7BA-00EF-4ACB-A8BA-0CD06A9ABB44", "vulnerable": true}, {"criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-12:*:*:*:*:*:*:*", "matchCriteriaId": "63EDDA58-22F6-456A-986D-6A58FD818F5D", "vulnerable": true}, {"criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-21:*:*:*:*:*:*:*", "matchCriteriaId": "C907D889-8DD7-4542-A74E-C318271E5812", "vulnerable": true}, {"criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-07-25:*:*:*:*:*:*:*", "matchCriteriaId": "46E98CDA-E813-427A-944A-2A768F075021", "vulnerable": true}, {"criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-08-08:*:*:*:*:*:*:*", "matchCriteriaId": "E589DA1C-7428-48A3-A115-3168F99584E6", "vulnerable": true}, {"criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-08-15a:*:*:*:*:*:*:*", "matchCriteriaId": "2B197CF8-3729-414F-8BAA-BC709DEAA140", "vulnerable": true}, {"criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-08-22:*:*:*:*:*:*:*", "matchCriteriaId": "E5470BA9-F1F1-484B-B4D2-328D98483D55", "vulnerable": true}, {"criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-09-12:*:*:*:*:*:*:*", "matchCriteriaId": "43D11132-69EC-40DD-9D62-CC2B7DF7C344", "vulnerable": true}, {"criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-09-25:*:*:*:*:*:*:*", "matchCriteriaId": "EDCFDB3E-AB07-4E4C-A065-617A39505EB9", "vulnerable": true}, {"criteria": "cpe:2.3:a:andreas_gohr:dokuwiki:release_2004-09-30:*:*:*:*:*:*:*", "matchCriteriaId": "E4A4E1DB-705A-4FD8-913B-D43C4E9117A3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "DokuWiki before 2004-10-19 allows remote attackers to access administrative functionality including (1) Mediaselectiondialog, (2) Recent changes, (3) feed, and (4) search, possibly due to the lack of ACL checks."}], "id": "CVE-2004-2559", "lastModified": "2017-07-11T01:32:00.657", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2004-12-31T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://securitytracker.com/id?1011802"}, {"source": "cve@mitre.org", "url": "http://wiki.splitbrain.org/wiki:old_changes"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/11005"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/17799"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}