vulnerability
MediaWiki: Improper Access Control (CVE-2012-4380)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:P/A:N) | Oct 19, 2017 | Oct 23, 2019 | May 16, 2022 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:P/A:N)
Published
Oct 19, 2017
Added
Oct 23, 2019
Modified
May 16, 2022
Description
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors.
Solution
mediawiki-upgrade-latest
References
- CVE-2012-4380
- https://attackerkb.com/topics/CVE-2012-4380
- URL-http://www.openwall.com/lists/oss-security/2012/08/31/10
- URL-http://www.openwall.com/lists/oss-security/2012/08/31/6
- URL-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330
- URL-https://bugzilla.redhat.com/show_bug.cgi?id=853440
- URL-https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html
- URL-https://phabricator.wikimedia.org/T41824
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.