CVE-2016-6337

Опубликовано: 20 апр. 2017

Источник: debian

Описание

MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
mediawiki	fixed	1:1.27.1-1		package
mediawiki	end-of-life		wheezy	package

Примечания

https://lists.wikimedia.org/pipermail/wikitech-l/2016-August/086342.html

Связанные уязвимости

CVE-2016-6337

CVSS3: 7.5

ubuntu

почти 9 лет назад

MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.

CVE-2016-6337

CVSS3: 7.5

nvd

почти 9 лет назад

MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.

GHSA-3c2m-8jfj-576j

CVSS3: 7.5

github

больше 3 лет назад

MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.