Lucene search

GitHub_MCVE-2024-36123

HistoryJun 03, 2024 - 3:15 p.m.

CVE-2024-36123

2024-06-0315:15:08

CWE-79

GitHub_M

web.nvd.nist.gov

nvd

security vulnerability

cve-2024-36123

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score

6.7

Confidence

Low

EPSS

Percentile

15.5%

JSON

Citizen is a MediaWiki skin that makes extensions part of the cohesive experience. The page MediaWiki:Tagline has its contents used unescaped, so custom HTML (including Javascript) can be injected by someone with the ability to edit the MediaWiki namespace (typically those with the editinterface permission, or sysops). This vulnerability is fixed in 2.16.0.

Affected configurations

Vulners

Vulnrichment

Node

starcitizentoolsmediawiki_skins_citizenRange<2.16.0

VendorProductVersionCPE
starcitizentoolsmediawiki_skins_citizen*cpe:2.3:a:starcitizentools:mediawiki_skins_citizen:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
starcitizentools	mediawiki_skins_citizen	*	cpe:2.3:a:starcitizentools:mediawiki_skins_citizen::::::::

CNA Affected

[
  {
    "vendor": "StarCitizenTools",
    "product": "mediawiki-skins-Citizen",
    "versions": [
      {
        "version": "< 2.16.0",
        "status": "affected"
      }
    ]
  }
]

References

github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/c11fbf67a99366d5a40ef880469b222679e3b475/includes/Components/CitizenComponentPageHeading.php#L190-L195

github.com/StarCitizenTools/mediawiki-skins-Citizen/blob/c11fbf67a99366d5a40ef880469b222679e3b475/includes/Components/CitizenComponentPageHeading.php#L197-L201

github.com/StarCitizenTools/mediawiki-skins-Citizen/commit/4a43280242f33e54643087da4a7f40970d2640c9

github.com/StarCitizenTools/mediawiki-skins-Citizen/releases

github.com/StarCitizenTools/mediawiki-skins-Citizen/security/advisories/GHSA-jhm6-qjhq-5mf9

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N

AI Score

6.7

Confidence

Low

EPSS

Percentile

15.5%

JSON

Related for CVE-2024-36123