Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2020-25827

Опубликовано: 27 сент. 2020
Источник: debian
EPSS Низкий

Описание

An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
mediawikifixed1:1.35.0-1package

Примечания

  • https://lists.wikimedia.org/pipermail/wikitech-l/2020-September/093888.html

  • https://phabricator.wikimedia.org/T251661

EPSS

Процентиль: 47%
0.00239
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2020-25827

CVSS3: 7.5
ubuntu
больше 5 лет назад

An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently.

redhat логотип

CVE-2020-25827

CVSS3: 7.5
redhat
больше 5 лет назад

An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently.

nvd логотип

CVE-2020-25827

CVSS3: 7.5
nvd
больше 5 лет назад

An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently.

github логотип

GHSA-rqvj-fc2x-99q6

CVSS3: 7.5
github
больше 3 лет назад

OATHAuth extension in MediaWiki is not implementing rate limit

fstec логотип

BDU:2022-07046

CVSS3: 7.5
fstec
больше 5 лет назад

Уязвимость расширения OATHAuth программного средства для реализации гипертекстовой среды MediaWiki, позволяющая нарушителю обойти существующие ограничения безопасности с помощью атаки методом «грубой силы» (brute force)

EPSS

Процентиль: 47%
0.00239
Низкий