Lucene search
K

154 matches found

CNVD
CNVD
added 2020/10/04 12:0 a.m.9 views

Unspecified Vulnerability in MediaWiki (CNVD-2021-38686)

MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. The product can be used to deploy in-house knowledge management and content management systems. centralAuth is one of the extensions that supports shared global...

7.5CVSS6.6AI score0.01752EPSS
Exploits1References1
CNVD
CNVD
added 2020/09/29 12:0 a.m.3 views

MediaWiki Code Problem Vulnerability

MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. The product can be used to deploy in-house knowledge management and content management systems. centralAuth is one of the extensions that supports shared global...

6.1CVSS7.1AI score0.01089EPSS
Exploits0References1
CNVD
CNVD
added 2020/09/28 12:0 a.m.2 views

MediaWiki Information Disclosure Vulnerability (CNVD-2020-58048)

MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. The product can be used to deploy in-house knowledge management and content management systems. centralAuth is one of the extensions that supports shared global...

7.5CVSS6.2AI score0.01405EPSS
Exploits0References1
OSV
OSV
added 2020/09/27 9:15 p.m.4 views

UBUNTU-CVE-2020-25827

An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster such as via CentralAuth, rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across...

7.5CVSS7.1AI score0.01752EPSS
Exploits1References6
CVE
CVE
added 2020/09/27 8:43 p.m.125 views

CVE-2020-25827

MediaWiki CVE-2020-25827 affects the OATHAuth extension. The issue occurs when Wikis run OATHAuth on a farm/cluster (e.g., CentralAuth) where token rate limiting is enforced only at a single site level; this enables issuing multiple OATH token requests across many wikis/sites concurrently. Affect...

7.5CVSS7.3AI score0.01752EPSS
Exploits1References4Affected Software1
Positive Technologies
Positive Technologies
added 2020/09/25 12:0 a.m.6 views

PT-2020-6813 · Oathauth +3 · Oathauth +3

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.31.10 MediaWiki versions 1.32.x through 1.34.x before 1.34.4 Description: The issue is related to insufficient restriction of authentication attempts in the OATHAuth extension for MediaWiki. This can be exploited...

9.8CVSS6AI score0.04098EPSS
Exploits6References72
CNVD
CNVD
added 2020/04/22 12:0 a.m.2 views

MediaWiki CentralAuth Information Disclosure Vulnerability

MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. The product can be used to deploy in-house knowledge management and content management systems. centralAuth is one of the extensions that supports shared global...

7.5CVSS6.5AI score0.01317EPSS
Exploits0References1
NVD
NVD
added 2020/04/21 10:15 p.m.19 views

CVE-2020-12051

The CentralAuth extension through REL134 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request. In other words, the information can be retrieved via the action API even though access would be denied wh...

7.5CVSS7.4AI score0.01317EPSS
Exploits0References2
OSV
OSV
added 2020/04/21 10:15 p.m.21 views

CVE-2020-12051

The CentralAuth extension through REL134 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request. In other words, the information can be retrieved via the action API even though access would be denied wh...

7.5CVSS6.5AI score
Exploits0References2
Prion
Prion
added 2020/04/21 10:15 p.m.10 views

Cross site request forgery (csrf)

The CentralAuth extension through REL134 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request. In other words, the information can be retrieved via the action API even though access would be denied wh...

5CVSS7.4AI score0.01317EPSS
Exploits0References2
Cvelist
Cvelist
added 2020/04/21 9:24 p.m.18 views

CVE-2020-12051

The CentralAuth extension through REL134 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request. In other words, the information can be retrieved via the action API even though access would be denied wh...

7.4AI score0.01317EPSS
Exploits0References2
CVE
CVE
added 2020/04/21 9:24 p.m.55 views

CVE-2020-12051

The CVE-2020-12051 issue affects the MediaWiki CentralAuth extension (REL1_34 and earlier) where remote attackers can query api.php?action=query&meta=globaluserinfo&guiuser= to obtain sensitive hidden account information. The vulnerability is described across multiple sources (NVD, Red Hat, OSV, ...

7.5CVSS7.3AI score0.01317EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2020/01/28 3:15 p.m.27 views

CVE-2013-6455

The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page...

5.3CVSS5.5AI score0.01125EPSS
Exploits0References1
Prion
Prion
added 2020/01/28 3:15 p.m.20 views

Design/Logic Flaw

The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page...

5CVSS7AI score0.01125EPSS
Exploits0References1Affected Software1
CVE
CVE
added 2020/01/28 2:54 p.m.61 views

CVE-2013-6455

CVE-2013-6455 affects the CentralAuth extension for MediaWiki. The vulnerability allows remote attackers to obtain usernames by manipulating the DOM on a page. Affected versions are MediaWiki with CentralAuth before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1. The issue stems from writi...

5.3CVSS5.1AI score0.01125EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2020/01/28 2:54 p.m.22 views

CVE-2013-6455

The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page...

5.4AI score0.01125EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2019/11/07 4:55 p.m.55 views

Low: Red Hat Security Advisory: OpenShift Container Platform 3.9 mediawiki123 security update

An update for mediawiki123 is now available for Red Hat OpenShift Container Platform 3.9. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

6.5CVSS6.4AI score0.02797EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2019/11/07 4:55 p.m.12 views

mediawiki: BotPassword can bypass CentralAuth's account lock

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock...

6.5CVSS5.8AI score0.01932EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2019/10/29 4:10 p.m.48 views

Low: Red Hat Security Advisory: OpenShift Container Platform 3.10 mediawiki security update

An update for mediawiki is now available for Red Hat OpenShift Container Platform 3.10. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

6.5CVSS6.4AI score0.02797EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2019/10/29 4:10 p.m.108 views

mediawiki: BotPassword can bypass CentralAuth's account lock

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock...

6.5CVSS5.8AI score0.01932EPSS
Exploits1References4
Rows per page
Query Builder