CVE-2019-12472 – mediawiki/core
Package
Manager: composer
Name: mediawiki/core
Vulnerable Version: >=1.18.0 <1.27.6 || >=1.30.0 <1.30.2 || >=1.31.0 <1.31.2 || >=1.32.0 <1.32.2
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00198 (percentile: 0.42041)
Details
MediaWiki Incorrect Access Control vulnerability
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Metadata
Created: 2022-05-24T16:49:58Z
Modified: 2024-05-15T22:46:17Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7mqg-5fgh-xh4r/GHSA-7mqg-5fgh-xh4r.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-7mqg-5fgh-xh4r
Finding: F039
Auto approve: 1