CVE-2016-6337

Опубликовано: 20 апр. 2017

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.

Ссылки

https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html
Mailing List
Patch
Vendor Advisory
https://phabricator.wikimedia.org/T139670
Patch
Third Party Advisory
https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html
Mailing List
Patch
Vendor Advisory
https://phabricator.wikimedia.org/T139670
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mediawiki:mediawiki:1.27.0:*:*:*:*:*:*:*

EPSS

Процентиль: 56%

0.00339

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-284

Связанные уязвимости

CVE-2016-6337

CVSS3: 7.5

ubuntu

почти 9 лет назад

MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.

CVE-2016-6337

CVSS3: 7.5

debian

почти 9 лет назад

MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass ...

GHSA-3c2m-8jfj-576j

CVSS3: 7.5

github

больше 3 лет назад

MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.

EPSS

Процентиль: 56%

0.00339

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-284