PT-2018-3569 · Wikimedia+1 · Mediawiki+1
Matmarex
·
Published
2018-09-21
·
Updated
2022-05-13
·
CVE-2018-0503
CVSS v3.1
4.3
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N |
Name of the Vulnerable Software and Affected Versions:
MediaWiki versions 1.31 before 1.31.1
MediaWiki version 1.30.1
MediaWiki version 1.29.3
MediaWiki version 1.27.5
Description:
The issue is related to insecure privilege management in MediaWiki, allowing a remote attacker to impact the integrity of protected information using the
$wgRateLimits argument. Specifically, the $wgRateLimits entry for 'user' overrides that for 'newbie', contrary to the documentation.Recommendations:
For MediaWiki version 1.31 before 1.31.1, update to version 1.31.1 or later.
For MediaWiki version 1.30.1, consider updating to a newer version.
For MediaWiki version 1.29.3, consider updating to a newer version.
For MediaWiki version 1.27.5, consider updating to a newer version.
As a temporary workaround, consider reviewing and adjusting the
$wgRateLimits settings to ensure proper privilege management.Exploit
Fix
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Mediawiki