Veracode Vulnerability DatabaseVERACODE:42344Remote Code Execution (RCE)
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
20.7%
mediawiki is vulnerable to Remote Code Execution (RCE). This vulnerability occurs due to a flaw in the way that MediaWiki handles file uploads. An attacker can exploit this vulnerability to bypass file upload restrictions, which could allow them to upload malicious files to the MediaWiki server.
| CPE | Name | Operator | Version |
|---|---|---|---|
| mediawiki:bullseye | eq | 1:1.35.0-1 | |
| mediawiki:sid | eq | 1:1.35.0-1 | |
| mediawiki:bullseye | eq | 1:1.35.0-1 | |
| mediawiki:sid | eq | 1:1.35.0-1 |
References
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/
lists.fedoraproject.org/archives/list/[email protected]/message/2UIVGYECQGTUC2LLPVCZBPDLCTOHL2F6/
lists.fedoraproject.org/archives/list/[email protected]/message/6CHRX6DSLAMVXCV2YMJEWOLTBEYSESE5/
lists.fedoraproject.org/archives/list/[email protected]/message/DOAXEGYBOEM4JWB4J3BDH73NK2LCYC3O/
phabricator.wikimedia.org/T335612
security-tracker.debian.org/tracker/CVE-2023-36674
Related
5.3 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0.001 Low
EPSS
Percentile
20.7%