CVE-2023-29141

Опубликовано: 31 мар. 2023

Источник: debian

EPSS Низкий

Описание

An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
mediawiki	fixed	1:1.39.4-1		package

Примечания

https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39
https://phabricator.wikimedia.org/T285159

EPSS

Процентиль: 48%

0.00251

Низкий

Связанные уязвимости

CVE-2023-29141

CVSS3: 9.8

ubuntu

почти 3 года назад

An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.

CVE-2023-29141

CVSS3: 5.3

redhat

почти 3 года назад

An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.

CVE-2023-29141

CVSS3: 9.8

nvd

почти 3 года назад

An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.

GHSA-5vj8-g3qg-4qh6

CVSS3: 9.8

github

почти 3 года назад

X-Forwarded-For header allows brute-forcing autoblocked IP addresses

EPSS

Процентиль: 48%

0.00251

Низкий