5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
NONE
AV:N/AC:L/Au:N/C:N/I:P/A:N
0.008 Low
EPSS
Percentile
82.0%
MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random numbers for password reset tokens, which makes it easier for remote attackers to change the passwords of arbitrary users.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 12 | all | mediawiki | < 1:1.15.5-9 | mediawiki_1:1.15.5-9_all.deb |
Debian | 11 | all | mediawiki | < 1:1.15.5-9 | mediawiki_1:1.15.5-9_all.deb |
Debian | 999 | all | mediawiki | < 1:1.15.5-9 | mediawiki_1:1.15.5-9_all.deb |
Debian | 13 | all | mediawiki | < 1:1.15.5-9 | mediawiki_1:1.15.5-9_all.deb |