| 0 |
| url |
VCID-41fp-ar4e-muam |
| vulnerability_id |
VCID-41fp-ar4e-muam |
| summary |
MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12467, GHSA-6vfg-8ppv-h5hg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-41fp-ar4e-muam |
|
| 1 |
| url |
VCID-5d6t-am8p-3kab |
| vulnerability_id |
VCID-5d6t-am8p-3kab |
| summary |
MediaWiki Improper Privilege Management
MediaWiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where, contrary to the documentation, the $wgRateLimits entry for 'user' overrides that for 'newbie'. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mediawiki/core@1.27.5 |
| purl |
pkg:composer/mediawiki/core@1.27.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-41fp-ar4e-muam |
|
| 1 |
| vulnerability |
VCID-5djd-epmq-qbft |
|
| 2 |
| vulnerability |
VCID-6nt8-u5br-yqam |
|
| 3 |
| vulnerability |
VCID-7119-yrmu-2kb8 |
|
| 4 |
| vulnerability |
VCID-77ck-3e5e-rkb9 |
|
| 5 |
| vulnerability |
VCID-7fnd-1drh-rfcq |
|
| 6 |
| vulnerability |
VCID-7r42-v9vc-afcx |
|
| 7 |
| vulnerability |
VCID-8te2-uyp7-c7b2 |
|
| 8 |
| vulnerability |
VCID-e3pm-2tfy-qkaa |
|
| 9 |
| vulnerability |
VCID-najx-n63u-tqf5 |
|
| 10 |
| vulnerability |
VCID-rm5w-m3u5-s3en |
|
| 11 |
| vulnerability |
VCID-wn7c-cwg4-rke1 |
|
| 12 |
| vulnerability |
VCID-wte4-8b73-p3hw |
|
| 13 |
| vulnerability |
VCID-xxzh-tyxs-6ugj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.5 |
|
| 1 |
|
| 2 |
| url |
pkg:composer/mediawiki/core@1.30.1 |
| purl |
pkg:composer/mediawiki/core@1.30.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-41fp-ar4e-muam |
|
| 1 |
| vulnerability |
VCID-5djd-epmq-qbft |
|
| 2 |
| vulnerability |
VCID-6nt8-u5br-yqam |
|
| 3 |
| vulnerability |
VCID-7119-yrmu-2kb8 |
|
| 4 |
| vulnerability |
VCID-77ck-3e5e-rkb9 |
|
| 5 |
| vulnerability |
VCID-7fnd-1drh-rfcq |
|
| 6 |
| vulnerability |
VCID-7r42-v9vc-afcx |
|
| 7 |
| vulnerability |
VCID-8te2-uyp7-c7b2 |
|
| 8 |
| vulnerability |
VCID-e3pm-2tfy-qkaa |
|
| 9 |
| vulnerability |
VCID-najx-n63u-tqf5 |
|
| 10 |
| vulnerability |
VCID-rm5w-m3u5-s3en |
|
| 11 |
| vulnerability |
VCID-wn7c-cwg4-rke1 |
|
| 12 |
| vulnerability |
VCID-wte4-8b73-p3hw |
|
| 13 |
| vulnerability |
VCID-xxzh-tyxs-6ugj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.1 |
|
| 3 |
| url |
pkg:composer/mediawiki/core@1.31.1 |
| purl |
pkg:composer/mediawiki/core@1.31.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-41fp-ar4e-muam |
|
| 1 |
| vulnerability |
VCID-5djd-epmq-qbft |
|
| 2 |
| vulnerability |
VCID-5m1h-d3k7-wbd4 |
|
| 3 |
| vulnerability |
VCID-6nt8-u5br-yqam |
|
| 4 |
| vulnerability |
VCID-7119-yrmu-2kb8 |
|
| 5 |
| vulnerability |
VCID-77ck-3e5e-rkb9 |
|
| 6 |
| vulnerability |
VCID-77gx-zju5-d7af |
|
| 7 |
| vulnerability |
VCID-7fnd-1drh-rfcq |
|
| 8 |
| vulnerability |
VCID-7r42-v9vc-afcx |
|
| 9 |
| vulnerability |
VCID-8te2-uyp7-c7b2 |
|
| 10 |
| vulnerability |
VCID-dsh9-aupc-6kce |
|
| 11 |
| vulnerability |
VCID-e3pm-2tfy-qkaa |
|
| 12 |
| vulnerability |
VCID-najx-n63u-tqf5 |
|
| 13 |
| vulnerability |
VCID-p39b-8e53-tfgj |
|
| 14 |
| vulnerability |
VCID-q1rw-mxdb-gbe7 |
|
| 15 |
| vulnerability |
VCID-rm5w-m3u5-s3en |
|
| 16 |
| vulnerability |
VCID-wn7c-cwg4-rke1 |
|
| 17 |
| vulnerability |
VCID-wte4-8b73-p3hw |
|
| 18 |
| vulnerability |
VCID-x8p9-z9ze-n7ac |
|
| 19 |
| vulnerability |
VCID-xxzh-tyxs-6ugj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.1 |
|
|
| aliases |
CVE-2018-0503, GHSA-mhfv-9h99-jwg7
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-5d6t-am8p-3kab |
|
| 2 |
|
| 3 |
| url |
VCID-6nt8-u5br-yqam |
| vulnerability_id |
VCID-6nt8-u5br-yqam |
| summary |
MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12469, GHSA-x3fr-w7r5-x7rg
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-6nt8-u5br-yqam |
|
| 4 |
| url |
VCID-7119-yrmu-2kb8 |
| vulnerability_id |
VCID-7119-yrmu-2kb8 |
| summary |
Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12471, GHSA-2rm7-xxx8-35jh
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7119-yrmu-2kb8 |
|
| 5 |
| url |
VCID-77ck-3e5e-rkb9 |
| vulnerability_id |
VCID-77ck-3e5e-rkb9 |
| summary |
Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12470, GHSA-733q-m38x-q7cc
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-77ck-3e5e-rkb9 |
|
| 6 |
| url |
VCID-7fnd-1drh-rfcq |
| vulnerability_id |
VCID-7fnd-1drh-rfcq |
| summary |
resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page. |
| references |
|
| fixed_packages |
|
| aliases |
CVE-2020-10959, GHSA-mqhw-wq8p-vf5r
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7fnd-1drh-rfcq |
|
| 7 |
| url |
VCID-7r42-v9vc-afcx |
| vulnerability_id |
VCID-7r42-v9vc-afcx |
| summary |
In MediaWiki before 1.31.8, 1.32.x and 1.33.x before 1.33.4, and 1.34.x before 1.34.2, private wikis behind a caching server using the img_auth.php image authorization security feature may have had their files cached publicly, so any unauthorized user could view them. This occurs because Cache-Control and Vary headers were mishandled. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
| 20 |
|
| 21 |
|
|
| fixed_packages |
|
| aliases |
CVE-2020-15005, GHSA-xpv7-93cm-4mxv
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-7r42-v9vc-afcx |
|
| 8 |
| url |
VCID-8te2-uyp7-c7b2 |
| vulnerability_id |
VCID-8te2-uyp7-c7b2 |
| summary |
Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12474, GHSA-2qrr-c2gh-pr35
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-8te2-uyp7-c7b2 |
|
| 9 |
| url |
VCID-cdzw-fsu7-5ybt |
| vulnerability_id |
VCID-cdzw-fsu7-5ybt |
| summary |
MediaWiki BotPassword can bypass CentralAuth's account lock
MediaWiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mediawiki/core@1.27.5 |
| purl |
pkg:composer/mediawiki/core@1.27.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-41fp-ar4e-muam |
|
| 1 |
| vulnerability |
VCID-5djd-epmq-qbft |
|
| 2 |
| vulnerability |
VCID-6nt8-u5br-yqam |
|
| 3 |
| vulnerability |
VCID-7119-yrmu-2kb8 |
|
| 4 |
| vulnerability |
VCID-77ck-3e5e-rkb9 |
|
| 5 |
| vulnerability |
VCID-7fnd-1drh-rfcq |
|
| 6 |
| vulnerability |
VCID-7r42-v9vc-afcx |
|
| 7 |
| vulnerability |
VCID-8te2-uyp7-c7b2 |
|
| 8 |
| vulnerability |
VCID-e3pm-2tfy-qkaa |
|
| 9 |
| vulnerability |
VCID-najx-n63u-tqf5 |
|
| 10 |
| vulnerability |
VCID-rm5w-m3u5-s3en |
|
| 11 |
| vulnerability |
VCID-wn7c-cwg4-rke1 |
|
| 12 |
| vulnerability |
VCID-wte4-8b73-p3hw |
|
| 13 |
| vulnerability |
VCID-xxzh-tyxs-6ugj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.5 |
|
| 1 |
|
| 2 |
| url |
pkg:composer/mediawiki/core@1.30.1 |
| purl |
pkg:composer/mediawiki/core@1.30.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-41fp-ar4e-muam |
|
| 1 |
| vulnerability |
VCID-5djd-epmq-qbft |
|
| 2 |
| vulnerability |
VCID-6nt8-u5br-yqam |
|
| 3 |
| vulnerability |
VCID-7119-yrmu-2kb8 |
|
| 4 |
| vulnerability |
VCID-77ck-3e5e-rkb9 |
|
| 5 |
| vulnerability |
VCID-7fnd-1drh-rfcq |
|
| 6 |
| vulnerability |
VCID-7r42-v9vc-afcx |
|
| 7 |
| vulnerability |
VCID-8te2-uyp7-c7b2 |
|
| 8 |
| vulnerability |
VCID-e3pm-2tfy-qkaa |
|
| 9 |
| vulnerability |
VCID-najx-n63u-tqf5 |
|
| 10 |
| vulnerability |
VCID-rm5w-m3u5-s3en |
|
| 11 |
| vulnerability |
VCID-wn7c-cwg4-rke1 |
|
| 12 |
| vulnerability |
VCID-wte4-8b73-p3hw |
|
| 13 |
| vulnerability |
VCID-xxzh-tyxs-6ugj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.1 |
|
| 3 |
| url |
pkg:composer/mediawiki/core@1.31.1 |
| purl |
pkg:composer/mediawiki/core@1.31.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-41fp-ar4e-muam |
|
| 1 |
| vulnerability |
VCID-5djd-epmq-qbft |
|
| 2 |
| vulnerability |
VCID-5m1h-d3k7-wbd4 |
|
| 3 |
| vulnerability |
VCID-6nt8-u5br-yqam |
|
| 4 |
| vulnerability |
VCID-7119-yrmu-2kb8 |
|
| 5 |
| vulnerability |
VCID-77ck-3e5e-rkb9 |
|
| 6 |
| vulnerability |
VCID-77gx-zju5-d7af |
|
| 7 |
| vulnerability |
VCID-7fnd-1drh-rfcq |
|
| 8 |
| vulnerability |
VCID-7r42-v9vc-afcx |
|
| 9 |
| vulnerability |
VCID-8te2-uyp7-c7b2 |
|
| 10 |
| vulnerability |
VCID-dsh9-aupc-6kce |
|
| 11 |
| vulnerability |
VCID-e3pm-2tfy-qkaa |
|
| 12 |
| vulnerability |
VCID-najx-n63u-tqf5 |
|
| 13 |
| vulnerability |
VCID-p39b-8e53-tfgj |
|
| 14 |
| vulnerability |
VCID-q1rw-mxdb-gbe7 |
|
| 15 |
| vulnerability |
VCID-rm5w-m3u5-s3en |
|
| 16 |
| vulnerability |
VCID-wn7c-cwg4-rke1 |
|
| 17 |
| vulnerability |
VCID-wte4-8b73-p3hw |
|
| 18 |
| vulnerability |
VCID-x8p9-z9ze-n7ac |
|
| 19 |
| vulnerability |
VCID-xxzh-tyxs-6ugj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.1 |
|
|
| aliases |
CVE-2018-0505, GHSA-5c6w-f4w2-2grp
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-cdzw-fsu7-5ybt |
|
| 10 |
| url |
VCID-dqvd-5d51-sbge |
| vulnerability_id |
VCID-dqvd-5d51-sbge |
| summary |
MediaWiki information disclosure vulnerability
MediaWiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in Special:Redirect/logid. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
|
| fixed_packages |
| 0 |
| url |
pkg:composer/mediawiki/core@1.27.5 |
| purl |
pkg:composer/mediawiki/core@1.27.5 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-41fp-ar4e-muam |
|
| 1 |
| vulnerability |
VCID-5djd-epmq-qbft |
|
| 2 |
| vulnerability |
VCID-6nt8-u5br-yqam |
|
| 3 |
| vulnerability |
VCID-7119-yrmu-2kb8 |
|
| 4 |
| vulnerability |
VCID-77ck-3e5e-rkb9 |
|
| 5 |
| vulnerability |
VCID-7fnd-1drh-rfcq |
|
| 6 |
| vulnerability |
VCID-7r42-v9vc-afcx |
|
| 7 |
| vulnerability |
VCID-8te2-uyp7-c7b2 |
|
| 8 |
| vulnerability |
VCID-e3pm-2tfy-qkaa |
|
| 9 |
| vulnerability |
VCID-najx-n63u-tqf5 |
|
| 10 |
| vulnerability |
VCID-rm5w-m3u5-s3en |
|
| 11 |
| vulnerability |
VCID-wn7c-cwg4-rke1 |
|
| 12 |
| vulnerability |
VCID-wte4-8b73-p3hw |
|
| 13 |
| vulnerability |
VCID-xxzh-tyxs-6ugj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.27.5 |
|
| 1 |
|
| 2 |
| url |
pkg:composer/mediawiki/core@1.30.1 |
| purl |
pkg:composer/mediawiki/core@1.30.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-41fp-ar4e-muam |
|
| 1 |
| vulnerability |
VCID-5djd-epmq-qbft |
|
| 2 |
| vulnerability |
VCID-6nt8-u5br-yqam |
|
| 3 |
| vulnerability |
VCID-7119-yrmu-2kb8 |
|
| 4 |
| vulnerability |
VCID-77ck-3e5e-rkb9 |
|
| 5 |
| vulnerability |
VCID-7fnd-1drh-rfcq |
|
| 6 |
| vulnerability |
VCID-7r42-v9vc-afcx |
|
| 7 |
| vulnerability |
VCID-8te2-uyp7-c7b2 |
|
| 8 |
| vulnerability |
VCID-e3pm-2tfy-qkaa |
|
| 9 |
| vulnerability |
VCID-najx-n63u-tqf5 |
|
| 10 |
| vulnerability |
VCID-rm5w-m3u5-s3en |
|
| 11 |
| vulnerability |
VCID-wn7c-cwg4-rke1 |
|
| 12 |
| vulnerability |
VCID-wte4-8b73-p3hw |
|
| 13 |
| vulnerability |
VCID-xxzh-tyxs-6ugj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.30.1 |
|
| 3 |
| url |
pkg:composer/mediawiki/core@1.31.1 |
| purl |
pkg:composer/mediawiki/core@1.31.1 |
| is_vulnerable |
true |
| affected_by_vulnerabilities |
| 0 |
| vulnerability |
VCID-41fp-ar4e-muam |
|
| 1 |
| vulnerability |
VCID-5djd-epmq-qbft |
|
| 2 |
| vulnerability |
VCID-5m1h-d3k7-wbd4 |
|
| 3 |
| vulnerability |
VCID-6nt8-u5br-yqam |
|
| 4 |
| vulnerability |
VCID-7119-yrmu-2kb8 |
|
| 5 |
| vulnerability |
VCID-77ck-3e5e-rkb9 |
|
| 6 |
| vulnerability |
VCID-77gx-zju5-d7af |
|
| 7 |
| vulnerability |
VCID-7fnd-1drh-rfcq |
|
| 8 |
| vulnerability |
VCID-7r42-v9vc-afcx |
|
| 9 |
| vulnerability |
VCID-8te2-uyp7-c7b2 |
|
| 10 |
| vulnerability |
VCID-dsh9-aupc-6kce |
|
| 11 |
| vulnerability |
VCID-e3pm-2tfy-qkaa |
|
| 12 |
| vulnerability |
VCID-najx-n63u-tqf5 |
|
| 13 |
| vulnerability |
VCID-p39b-8e53-tfgj |
|
| 14 |
| vulnerability |
VCID-q1rw-mxdb-gbe7 |
|
| 15 |
| vulnerability |
VCID-rm5w-m3u5-s3en |
|
| 16 |
| vulnerability |
VCID-wn7c-cwg4-rke1 |
|
| 17 |
| vulnerability |
VCID-wte4-8b73-p3hw |
|
| 18 |
| vulnerability |
VCID-x8p9-z9ze-n7ac |
|
| 19 |
| vulnerability |
VCID-xxzh-tyxs-6ugj |
|
|
| resource_url |
http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.1 |
|
|
| aliases |
CVE-2018-0504, GHSA-hr8v-f4g2-p66f
|
| risk_score |
3.1 |
| exploitability |
0.5 |
| weighted_severity |
6.2 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-dqvd-5d51-sbge |
|
| 11 |
| url |
VCID-e3pm-2tfy-qkaa |
| vulnerability_id |
VCID-e3pm-2tfy-qkaa |
| summary |
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12472, GHSA-7mqg-5fgh-xh4r
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-e3pm-2tfy-qkaa |
|
| 12 |
| url |
VCID-najx-n63u-tqf5 |
| vulnerability_id |
VCID-najx-n63u-tqf5 |
| summary |
MediaWiki Denial of Service vulnerability
An issue was discovered in ApiPageSet.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. It allows attackers to cause a denial of service (unbounded loop and RequestTimeoutException) when querying pages redirected to other variants with redirects and converttitles set. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
| reference_url |
https://github.com/wikimedia/mediawiki |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
|
| url |
https://github.com/wikimedia/mediawiki |
|
| 6 |
|
| 7 |
|
| 8 |
| reference_url |
https://phabricator.wikimedia.org/T333050 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/ |
|
|
| url |
https://phabricator.wikimedia.org/T333050 |
|
| 9 |
| reference_url |
https://www.debian.org/security/2023/dsa-5520 |
| reference_id |
|
| reference_type |
|
| scores |
| 0 |
| value |
7.5 |
| scoring_system |
cvssv3.1 |
| scoring_elements |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
|
| 1 |
| value |
8.7 |
| scoring_system |
cvssv4 |
| scoring_elements |
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N |
|
| 2 |
| value |
HIGH |
| scoring_system |
generic_textual |
| scoring_elements |
|
|
| 3 |
| value |
Track |
| scoring_system |
ssvc |
| scoring_elements |
SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-10-15T17:28:57Z/ |
|
|
| url |
https://www.debian.org/security/2023/dsa-5520 |
|
| 10 |
|
| 11 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-45363, GHSA-w5fx-cx7f-6vr9
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-najx-n63u-tqf5 |
|
| 13 |
| url |
VCID-rm5w-m3u5-s3en |
| vulnerability_id |
VCID-rm5w-m3u5-s3en |
| summary |
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12468, GHSA-wrhx-3pxr-6vgg
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-rm5w-m3u5-s3en |
|
| 14 |
| url |
VCID-wn7c-cwg4-rke1 |
| vulnerability_id |
VCID-wn7c-cwg4-rke1 |
| summary |
Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
|
| fixed_packages |
|
| aliases |
CVE-2019-12473, GHSA-33xw-x3pr-rvqj
|
| risk_score |
4.0 |
| exploitability |
0.5 |
| weighted_severity |
8.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wn7c-cwg4-rke1 |
|
| 15 |
| url |
VCID-wte4-8b73-p3hw |
| vulnerability_id |
VCID-wte4-8b73-p3hw |
| summary |
X-Forwarded-For header allows brute-forcing autoblocked IP addresses
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header. |
| references |
| 0 |
|
| 1 |
|
| 2 |
|
| 3 |
|
| 4 |
|
| 5 |
|
| 6 |
|
| 7 |
|
| 8 |
|
| 9 |
|
| 10 |
|
| 11 |
|
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
|
| 16 |
|
| 17 |
|
| 18 |
|
| 19 |
|
|
| fixed_packages |
|
| aliases |
CVE-2023-29141, GHSA-5vj8-g3qg-4qh6
|
| risk_score |
4.5 |
| exploitability |
0.5 |
| weighted_severity |
9.0 |
| resource_url |
http://public2.vulnerablecode.io/vulnerabilities/VCID-wte4-8b73-p3hw |
|
| 16 |
|