7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
MediaWiki is a free and free-to-use web-based wiki engine from the U.S. Wikimedia (MediaWiki) Foundation. The product can be used to deploy internal knowledge management and content management systems. mediaWiki suffers from an authorization issue vulnerability that stems from a lack of authentication in the mcrundo operation, which can be exploited by attackers to bypass editing restrictions by leaking page content from private wikis.
CPE | Name | Operator | Version |
---|---|---|---|
MediaWiki MediaWiki >=1.36.0, | lt | 1.36.3 | |
MediaWiki MediaWiki | lt | 1.35.5 | |
MediaWiki MediaWiki >=1.37.0, | lt | 1.37.1 |
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
5 Medium
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N