Описание
In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.
Ссылки
- PatchVendor Advisory
- Issue TrackingPatchVendor Advisory
- PatchVendor Advisory
- Issue TrackingPatchVendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 1.39.0 (включая)
cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
Конфигурация 2
cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
EPSS
Процентиль: 48%
0.00254
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-863
CWE-863
Связанные уязвимости
CVSS3: 5.5
redhat
около 3 лет назад
In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.
CVSS3: 4.3
github
около 3 лет назад
In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties.
EPSS
Процентиль: 48%
0.00254
Низкий
4.3 Medium
CVSS3
Дефекты
CWE-863
CWE-863