exploitDog

CVE-2021-31554

Опубликовано: 22 апр. 2021

Источник: nvd

CVSS3: 5.4

CVSS2: 5.5

EPSS Низкий

Описание

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It improperly handled account blocks for certain automatically created MediaWiki user accounts, thus allowing nefarious users to remain unblocked.

Ссылки

https://gerrit.wikimedia.org/r/q/Ie1f4333d5b1c9d17fb2236fe38a31de427a4cc48
Issue Tracking
Vendor Advisory
https://phabricator.wikimedia.org/T272244
Third Party Advisory
https://gerrit.wikimedia.org/r/q/Ie1f4333d5b1c9d17fb2236fe38a31de427a4cc48
Issue Tracking
Vendor Advisory
https://phabricator.wikimedia.org/T272244
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*

Версия до 1.35.2 (включая)

EPSS

Процентиль: 26%

0.00092

Низкий

5.4 Medium

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-863

Связанные уязвимости

GHSA-j4g8-vqq3-7h58

CVSS3: 5.4

github

больше 3 лет назад

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It improperly handled account blocks for certain automatically created MediaWiki user accounts, thus allowing nefarious users to remain unblocked.

EPSS

Процентиль: 26%

0.00092

Низкий

5.4 Medium

CVSS3

5.5 Medium

CVSS2

Дефекты

CWE-863