PT-2017-8967 · Wikimedia · Mediawiki
Bawolff
·
Published
2017-04-20
·
Updated
2017-04-24
·
CVE-2016-6337
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
Name of the Vulnerable Software and Affected Versions
MediaWiki versions 1.27.x before 1.27.1
Description
The issue might allow remote attackers to bypass intended session access restrictions. This is achieved by leveraging a call to the
UserGetRights function after Session::getAllowedUserRights.Recommendations
For MediaWiki versions 1.27.x before 1.27.1, update to version 1.27.1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application that rely on session access restrictions until the update can be applied.
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Mediawiki