GHSA-6vfg-8ppv-h5hg
Suggest an improvement- Source
- https://github.com/advisories/GHSA-6vfg-8ppv-h5hg
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-6vfg-8ppv-h5hg/GHSA-6vfg-8ppv-h5hg.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-6vfg-8ppv-h5hg
- Aliases
- Published
- 2022-05-24T16:49:54Z
- Modified
- 2024-05-15T23:28:58.602337Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- MediaWiki Incorrect Access Control vulnerability
- Details
-
MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2019-12467
- https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12467.yaml
- https://github.com/wikimedia/mediawiki
- https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
- https://phabricator.wikimedia.org/T209794
- https://seclists.org/bugtraq/2019/Jun/12
- https://www.debian.org/security/2019/dsa-4460
Affected packages
Packagist / mediawiki/core
Package
- Name
- mediawiki/core
- Purl
- pkg:composer/mediawiki/core
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1.27.6
Affected versions
1.*
1.20.3
1.20.4
1.20.5
1.20.6
1.20.7
1.20.8
1.21.0
1.21.1
1.21.2
1.21.3
1.21.4
1.21.5
1.21.6
1.21.7
1.21.8
1.21.9
1.21.10
1.21.11
1.22.0rc0
1.24.0-rc.0
1.24.0-rc.1
1.24.0-rc.2
1.24.0-rc.3
1.24.0
1.24.1
1.24.2
1.24.3
1.24.4
1.24.5
1.24.6
1.25.0-rc.0
1.25.0
1.25.1
1.25.2
1.25.3
1.25.4
1.25.5
1.25.6
1.26.0
1.26.1
1.26.2
1.26.3
1.26.4
1.27.0-rc.0
1.27.0-rc.1
1.27.0
1.27.1
1.27.2
1.27.3
1.27.4
1.27.5
Packagist / mediawiki/core
Package
- Name
- mediawiki/core
- Purl
- pkg:composer/mediawiki/core
Packagist / mediawiki/core
Package
- Name
- mediawiki/core
- Purl
- pkg:composer/mediawiki/core
Packagist / mediawiki/core
Package
- Name
- mediawiki/core
- Purl
- pkg:composer/mediawiki/core