Lucene search

GitHub_MCVELIST:CVE-2020-5302

HistoryApr 07, 2020 - 3:40 p.m.

CVE-2020-5302 unprivileged user can access priviledged action in MH-WikiBot

2020-04-0715:40:14

CWE-284

GitHub_M

www.cve.org

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

JSON

MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a bug that allowed any unprivileged user to access the steward commands on the IRC interface by impersonating the Nickname used by a privileged user as no check was made to see if they were logged in. The issue has been fixed in commit 23d9d5b0a59667a5d6816fdabb960b537a5f9ed1.

CNA Affected

[
  {
    "product": "MH-WikiBot",
    "vendor": "examknow",
    "versions": [
      {
        "status": "affected",
        "version": "< commit 23d9d5b0a59667a5d6816fdabb960b537a5f9ed1"
      }
    ]
  }
]

References

github.com/examknow/MH-WikiBot/compare/2eac90d...1a62da1

github.com/examknow/MH-WikiBot/security/advisories/GHSA-7hf3-wvp8-34r9

8.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N

6.1 Medium

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

38.7%

JSON

Related for CVELIST:CVE-2020-5302