Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2020-25827

Опубликовано: 27 сент. 2020
Источник: redhat
CVSS3: 7.5

Описание

An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently.

Отчет

OpenShift Container Platform (OCP) delivers the mediawiki package, but the vulnerable code is not bundled, therefore OCP is not affected by this flaw.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenShift Container Platform 3.11mediawikiNot affected
Red Hat OpenShift Container Platform 4mediawikiNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-307
https://bugzilla.redhat.com/show_bug.cgi?id=1903761mediawiki: using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level

7.5 High

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2020-25827

CVSS3: 7.5
ubuntu
больше 5 лет назад

An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently.

nvd логотип

CVE-2020-25827

CVSS3: 7.5
nvd
больше 5 лет назад

An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently.

debian логотип

CVE-2020-25827

CVSS3: 7.5
debian
больше 5 лет назад

An issue was discovered in the OATHAuth extension in MediaWiki before ...

github логотип

GHSA-rqvj-fc2x-99q6

CVSS3: 7.5
github
больше 3 лет назад

OATHAuth extension in MediaWiki is not implementing rate limit

fstec логотип

BDU:2022-07046

CVSS3: 7.5
fstec
больше 5 лет назад

Уязвимость расширения OATHAuth программного средства для реализации гипертекстовой среды MediaWiki, позволяющая нарушителю обойти существующие ограничения безопасности с помощью атаки методом «грубой силы» (brute force)

7.5 High

CVSS3