Описание
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.
| Релиз | Статус | Примечание |
|---|---|---|
| bionic | ignored | end of standard support, was needed |
| cosmic | ignored | end of life |
| devel | released | 1:1.31.2-1 |
| disco | ignored | end of life |
| eoan | released | 1:1.31.2-1 |
| esm-apps/bionic | needed | |
| esm-apps/focal | released | 1:1.31.2-1 |
| esm-apps/jammy | released | 1:1.31.2-1 |
| esm-apps/noble | released | 1:1.31.2-1 |
| esm-infra-legacy/trusty | DNE |
Показывать по
7.5 High
CVSS2
9.8 Critical
CVSS3
Связанные уязвимости
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.
An Incorrect Access Control vulnerability was found in Wikimedia Media ...
Wikimedia MediaWiki Incorrect Access Control vulnerability
Уязвимость программного средства для реализации гипертекстовой среды MediaWiki, связанная с возможностью обхода повторной аутентификации, позволяющая нарушителю оказать воздействие на целостность данных, получить несанкционированный доступ к защищаемой информации, а также вызвать отказ в обслуживании
7.5 High
CVSS2
9.8 Critical
CVSS3