6 matches found
Linux Distros Unpatched Vulnerability : CVE-2020-35477
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visit...
Improper Access Control
Overview Affected versions of this package are vulnerable to Improper Access Control via the abusefiltercheckmatch API, due to missing checks of the permissions to see the log details for the given filter. This allows an attacker to bypass hidden and protected visibility settings. Remediation A f...
GHSA-M738-3RC4-5XV3 A user without PR can reset user authentication failures information
Impact The script service method used to reset the authentication failures record can be executed by any user with Script rights and does not require Programming rights as it should have. Note that being able to reset the authentication failure record mean that an attacker with script right might...
DEBIAN-CVE-2020-35477
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox or a tags checkbox next to it, there i...
UBUNTU-CVE-2020-35477
MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox or a tags checkbox next to it, there i...
ansible: become password logged in plaintext when used with PowerShell on Windows
Execution of Ansible content on Microsoft's Windows platform with Powershell 5 or higher may disclose sensitive execution details including 'become' passwords, Ansible module arguments, and return values via Powershell's 'suspicious scriptblock logging' feature, which is enabled by default. The...