Описание
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 1:1.27.4-3 |
| devel | not-affected | 1:1.30.0-1 |
| esm-apps/bionic | not-affected | 1:1.27.4-3 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was not-affected [1:1.19.14+dfsg-1]] |
| hardy | ignored | end of life |
| lucid | ignored | end of life |
| oneiric | ignored | end of life |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
Показывать по
EPSS
5 Medium
CVSS2
Связанные уязвимости
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extens ...
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.
EPSS
5 Medium
CVSS2