Description
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/auth/AuthManager.php.
This issue affects MediaWiki: from * before 1.39.13, 1.42.7, 1.43.2, 1.44.0.
A flaw was found in MediaWiki, specifically within the includes/auth/AuthManager.php program file. This vulnerability affects the authentication management component. The exact nature and impact of this flaw are not fully detailed in the available information, but it indicates a weakness in how MediaWiki handles user authentication.
Report
The vulnerability in MediaWiki stems from its failure to consider user autocreation as a login event for security reauthentication purposes. This could impact MediaWiki instances running on Fedora 42 and Fedora 43 if user autocreation is enabled, potentially leading to unintended security bypasses during reauthentication flows.
Mitigation
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base, or stability.
Additional information
Status:
EPSS
0 Low
CVSS3
Related vulnerabilities
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/auth/AuthManager.php. This issue affects MediaWiki: from * before 1.39.13, 1.42.7, 1.43.2, 1.44.0.
Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is ...
A vulnerability in the AuthManager component of the MediaWiki hypertext environment software that allows an attacker to gain unauthorized access to the compromised system