nvd [email protected] NVD:CVE-2020-29007
History: Apr 15, 2023 - 10:15 p.m.

CVE-2020-29007

2023-04-15 22:15:06
CWE-94
web.nvd.nist.gov
2
mediawiki
remote code execution
gnu lilypond
sandboxing
vulnerability
malicious code
image data

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.8
Confidence: High

EPSS: 0.074
Percentile: 94.2%

The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles (potentially including unauthenticated anonymous users) to execute arbitrary Scheme or shell code by using crafted {{Image data to generate musical scores containing malicious code.

Affected configurations

Nvd

Node: mediawiki score | Range: 0.3.0 | mediawiki

Vendor | Product | Version | CPE
mediawiki | score | * | cpe:2.3:a:mediawiki:score:*:*:*:*:*:mediawiki:*:*
