Lucene search

[email protected]CVE-2018-0503

HistoryOct 04, 2018 - 8:29 p.m.

CVE-2018-0503

2018-10-0420:29:00

CWE-269

[email protected]

web.nvd.nist.gov

mediawiki

cve-2018-0503

security

flaw

ratelimits

nvd

4 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:S/C:N/I:P/A:N

4.3 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

5.1 Medium

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.1%

JSON

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for ‘user’ overrides that for ‘newbie’.

Affected configurations

NVD

Node

mediawikimediawikiRange1.31.0–1.31.1

mediawikimediawikiMatch1.27.5

mediawikimediawikiMatch1.29.3

mediawikimediawikiMatch1.30.1

Node

debiandebian_linuxMatch9.0

CPENameOperatorVersion
mediawiki:mediawikimediawikilt1.31.1
mediawiki:mediawikimediawikieq1.27.5
mediawiki:mediawikimediawikieq1.29.3
mediawiki:mediawikimediawikieq1.30.1

CPE	Name	Operator	Version
mediawiki:mediawiki	mediawiki	lt	1.31.1
mediawiki:mediawiki	mediawiki	eq	1.27.5
mediawiki:mediawiki	mediawiki	eq	1.29.3
mediawiki:mediawiki	mediawiki	eq	1.30.1

CNA Affected

[
  {
    "product": "mediawiki",
    "vendor": "mediawiki",
    "versions": [
      {
        "status": "affected",
        "version": "before 1.31.1, 1.30.1, 1.29.3 and 1.27.5"
      }
    ]
  }
]