
CVSS: 7.5 • EPSS: 0% • CPEs: 5 • EXPL: 0

01 Mar 2019 — ikiwiki before 3.20170111.1 and 3.2018x and 3.2019x before 3.20190228 allows SSRF via the aggregate plugin. The impact also includes reading local files via file: URIs. Joey Hess discovered that the aggregate plugin of the Ikiwiki wiki compiler was susceptible to server-side reque... • https://ikiwiki.info/news • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 7.5 • EPSS: 0% • CPEs: 1 • EXPL: 0

13 Jan 2017 — ikiwiki 3.20161219 does not properly check if a revision changes the access permissions for a page on sites with the git and recentchanges plugins and the CGI interface enabled, which allows remote attackers to revert certain changes by leveraging permissions to change the page before the revision was made. • http://ikiwiki.info/bugs/rcs_revert_can_bypass_authorization_if_affected_files_were_renamed • CWE-284: Improper Access Control •

CVSS: 5.3 • EPSS: 0% • CPEs: 4 • EXPL: 0

13 Jan 2017 — ikiwiki before 3.20161229 incorrectly called the CGI::FormBuilder->field method (similar to the CGI->param API that led to Bugzilla's CVE-2014-1572), which can be abused to lead to commit metadata forgery. Multiple vulnerabilities have been found in the Ikiwiki wiki c... • https://ikiwiki.info/security/#cve-2016-9646 • CWE-287: Improper Authentication •

CVSS: 9.8 • EPSS: 10% • CPEs: 3 • EXPL: 1

13 Jan 2017 — A flaw, similar to CVE-2016-9646, exists in ikiwiki before 3.20170111, in the passwordauth plugin's use of CGI::FormBuilder, allowing an attacker to bypass authentication via repeated parameters. Multiple vulnerabilities have been found in the Ikiwiki wiki compiler. • http://www.securityfocus.com/bid/95420 • CWE-287: Improper Authentication •