Lucene search
Veracode Vulnerability DatabaseVERACODE:7568HistoryOct 05, 2018 - 2:43 a.m.
Authentication Bypass
2018-10-0502:43:38
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.008 Low
EPSS
Percentile
82.2%
mediawiki/core is vulnerable to authentication bypass attacks. The vulnerability exists due to the lack of account lock status check during a botpassword login, allowing accounts to be logged in through a bot password.
| CPE | Name | Operator | Version |
|---|---|---|---|
| mediawiki/core | le | 1.29.2 | |
| mediawiki/core | le | 1.27.4 | |
| mediawiki/core | le | 1.30.0 | |
| mediawiki | eq | 1.27.4__8.el7 | |
| mediawiki123 | eq | 1.23.13__1.el7 |
References
www.securitytracker.com/id/1041695
access.redhat.com/errata/RHSA-2019:3142
github.com/wikimedia/mediawiki/commit/2cbf4020fde1945f06a49d6705e5486ba0ce001b
github.com/wikimedia/mediawiki/commit/6e50006596c20657a289a26ddaa551c10c97431e
github.com/wikimedia/mediawiki/commit/c4002c9e4df7b7bf5ba1e80491dc37795270ea05
lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
phabricator.wikimedia.org/T194605
www.debian.org/security/2018/dsa-4301
Related
debiancve
debiancve
CVE-2018-0505
2018-10-04 20:29:00
friendsofphp
friendsofphp
BotPassword can bypass CentralAuth's account lock
2018-09-20 18:59:33
ubuntucve
ubuntucve
CVE-2018-0505
2018-10-04 00:00:00
cve
cve
CVE-2018-0505
2018-10-04 20:29:00
redhatcve
redhatcve
CVE-2018-0505
2018-09-28 20:50:59
nvd
nvd
CVE-2018-0505
2018-10-04 20:29:00
osv
osv
CVE-2018-0505
2018-10-04 20:29:00
mediawiki - security update
2018-09-22 00:00:00
cvelist
cvelist
CVE-2018-0505 BotPasswords can bypass CentralAuth's account lock
2018-09-20 00:00:00
prion
prion
Design/Logic Flaw
2018-10-04 20:29:00
github
github
Mediawiki BotPassword can bypass CentralAuth's account lock
2022-05-13 01:31:04
redhat
redhat
nessus
nessus
RHEL 7 : OpenShift Container Platform 3.11 mediawiki (RHSA-2019:3142)
2019-10-18 00:00:00
Fedora 27 : mediawiki (2018-edf90410ea)
2018-10-09 00:00:00
RHEL 7 : OpenShift Container Platform 3.9 mediawiki123 (RHSA-2019:3813)
2019-11-08 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-4301-1)
2018-09-21 00:00:00
MediaWiki Multiple Vulnerabilities (Sep 2018) - Windows
2018-10-05 00:00:00
Fedora Update for mediawiki FEDORA-2018-e022ecbc52
2018-10-08 00:00:00
mageia
mageia
Updated mediawiki packages fix security vulnerabilities
2018-11-03 14:55:18
debian
debian
[SECURITY] [DSA 4301-1] mediawiki security update
2018-09-22 15:13:12
archlinux
archlinux
[ASA-201809-5] mediawiki: multiple issues
2018-09-25 00:00:00
fedora
fedora
[SECURITY] Fedora 29 Update: mediawiki-1.29.3-1.fc29
2018-10-07 21:02:44
[SECURITY] Fedora 27 Update: mediawiki-1.29.3-1.fc27
2018-10-07 21:12:53
[SECURITY] Fedora 28 Update: mediawiki-1.29.3-1.fc28
2018-10-07 22:17:01
altlinux
altlinux
Security fix for the ALT Linux 9 package mediawiki version 1.31.1-alt1
2018-09-29 00:00:00
freebsd
freebsd
mediawiki -- multiple vulnerabilities
2018-08-29 00:00:00