PT-2018-3568 · Wikimedia+1 · Mediawiki+1
Rxy
·
Publicado
2018-09-22
·
Atualizado
2022-05-13
·
CVE-2018-0505
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:L/Au:S/C:N/I:C/A:N |
Name of the Vulnerable Software and Affected Versions:
MediaWiki versions 1.31 before 1.31.1
MediaWiki version 1.30.1
MediaWiki version 1.29.3
MediaWiki version 1.27.5
Description:
The issue is related to a flaw in the authentication procedure, allowing attackers to bypass CentralAuth's account lock. This can be exploited by remote attackers. The flaw is associated with BotPasswords.
Recommendations:
For MediaWiki version 1.31 before 1.31.1, update to version 1.31.1 or later.
For MediaWiki version 1.30.1, consider upgrading to a newer version.
For MediaWiki version 1.29.3, consider upgrading to a newer version.
For MediaWiki version 1.27.5, consider upgrading to a newer version.
As a temporary workaround, consider restricting the use of BotPasswords until a patch is available.
Exploit
Correção
Improper Authentication
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Mediawiki