mediawiki/core is vulnerable to an authentication bypass. The bot password login path does not check the account's lock status, so a locked account can still be logged in through a bot password.
CPE

| Name | Operator | Version |
|---|---|---|
| mediawiki/core | le | 1.29.2 |
| mediawiki/core | le | 1.27.4 |
| mediawiki/core | le | 1.30.0 |
| mediawiki | eq | 1.27.4__8.el7 |
| mediawiki123 | eq | 1.23.13__1.el7 |

www.securitytracker.com/id/1041695
access.redhat.com/errata/RHSA-2019:3142
github.com/wikimedia/mediawiki/commit/2cbf4020fde1945f06a49d6705e5486ba0ce001b
github.com/wikimedia/mediawiki/commit/6e50006596c20657a289a26ddaa551c10c97431e
github.com/wikimedia/mediawiki/commit/c4002c9e4df7b7bf5ba1e80491dc37795270ea05
lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
phabricator.wikimedia.org/T194605
www.debian.org/security/2018/dsa-4301