Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2021-30158

Опубликовано: 19 мар. 2021
Источник: redhat
CVSS3: 4.3

Описание

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party.

In mediawiki a blocked users are not able to use Special:ResetTokens. If such user shared a token (accidentally or not) then it wasn't possible to block any potential future use of the compromised token.

Отчет

The mediawiki package was removed from OpenShift Container Platform (OCP) in version 4.3, therefore for OCP 4 has been marked as out of support scope.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenShift Container Platform 3.11mediawikiFix deferred
Red Hat OpenShift Container Platform 4mediawikiOut of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-287
https://bugzilla.redhat.com/show_bug.cgi?id=1946698mediawiki: blocked users are unable to use Special:ResetTokens

4.3 Medium

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2021-30158

CVSS3: 5.3
ubuntu
почти 5 лет назад

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party.

nvd логотип

CVE-2021-30158

CVSS3: 5.3
nvd
почти 5 лет назад

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party.

debian логотип

CVE-2021-30158

CVSS3: 5.3
debian
почти 5 лет назад

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through ...

github логотип

GHSA-c7v8-6m32-34m3

github
больше 3 лет назад

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party.

fstec логотип

BDU:2021-03167

CVSS3: 5.5
fstec
почти 5 лет назад

Уязвимость программного средства для реализации гипертекстовой среды MediaWiki, связанная с недостатками процедуры аутентификации, позволяющая нарушителю раскрыть защищаемую информацию

4.3 Medium

CVSS3