This script is Copyright (C) 2017 Tenable Network Security, Inc.
The remote FreeBSD host is missing a security-related update.
Mitre reports :
ikiwiki 3.20161219 does not properly check if a revision changes the
access permissions for a page on sites with the git and recentchanges
plugins and the CGI interface enabled, which allows remote attackers
to revert certain changes by leveraging permissions to change the page
before the revision was made.
When CGI::FormBuilder->field('foo') is called in list context (and in
particular in the arguments to a subroutine that takes named
arguments), it can return zero or more values for foo from the CGI
request, rather than the expected single value. This breaks the usual
Perl parsing convention for named arguments, similar to CVE-2014-1572
in Bugzilla (which was caused by a similar API design issue in
See also :
Update the affected package.
Risk factor :
Medium / CVSS Base Score : 5.0