CVE-2020-5302

Опубликовано: 07 апр. 2020

Источник: nvd

CVSS3: 8.2

CVSS3: 6.5

CVSS2: 6.4

EPSS Низкий

Описание

MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a bug that allowed any unprivileged user to access the steward commands on the IRC interface by impersonating the Nickname used by a privileged user as no check was made to see if they were logged in. The issue has been fixed in commit 23d9d5b0a59667a5d6816fdabb960b537a5f9ed1.

Ссылки

https://github.com/examknow/MH-WikiBot/compare/2eac90d...1a62da1
https://github.com/examknow/MH-WikiBot/security/advisories/GHSA-7hf3-wvp8-34r9
Third Party Advisory
https://github.com/examknow/MH-WikiBot/compare/2eac90d...1a62da1
https://github.com/examknow/MH-WikiBot/security/advisories/GHSA-7hf3-wvp8-34r9
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mh-wikibot_project:mh-wikibot:*:*:*:*:*:*:*:*

Версия до 2020-04-06 (исключая)

EPSS

Процентиль: 47%

0.00245

Низкий

8.2 High

CVSS3

6.5 Medium

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-284

CWE-269

EPSS

Процентиль: 47%

0.00245

Низкий

8.2 High

CVSS3

6.5 Medium

CVSS3

6.4 Medium

CVSS2

Дефекты

CWE-284

CWE-269