CVE-2018-0503

Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.31 before 1.31.1 MediaWiki version 1.30.1 MediaWiki version 1.29.3 MediaWiki version 1.27.5

Description: The issue is related to insecure privilege management in MediaWiki, allowing a remote attacker to impact the integrity of protected information using the $wgRateLimits argument. Specifically, the $wgRateLimits entry for 'user' overrides that for 'newbie', contrary to the documentation.

Recommendations: For MediaWiki version 1.31 before 1.31.1, update to version 1.31.1 or later. For MediaWiki version 1.30.1, consider updating to a newer version. For MediaWiki version 1.29.3, consider updating to a newer version. For MediaWiki version 1.27.5, consider updating to a newer version. As a temporary workaround, consider reviewing and adjusting the $wgRateLimits settings to ensure proper privilege management.