GHSA-7mqg-5fgh-xh4r
Suggest an improvement- Source
- https://github.com/advisories/GHSA-7mqg-5fgh-xh4r
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-7mqg-5fgh-xh4r/GHSA-7mqg-5fgh-xh4r.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-7mqg-5fgh-xh4r
- Aliases
- Published
- 2022-05-24T16:49:58Z
- Modified
- 2024-05-15T23:12:56.578504Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
- Summary
- MediaWiki Incorrect Access Control vulnerability
- Details
-
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
- References
Affected packages
Packagist / mediawiki/core
Package
- Name
- mediawiki/core
- Purl
- pkg:composer/mediawiki/core
Affected versions
1.*
1.20.3
1.20.4
1.20.5
1.20.6
1.20.7
1.20.8
1.21.0
1.21.1
1.21.2
1.21.3
1.21.4
1.21.5
1.21.6
1.21.7
1.21.8
1.21.9
1.21.10
1.21.11
1.22.0rc0
1.24.0-rc.0
1.24.0-rc.1
1.24.0-rc.2
1.24.0-rc.3
1.24.0
1.24.1
1.24.2
1.24.3
1.24.4
1.24.5
1.24.6
1.25.0-rc.0
1.25.0
1.25.1
1.25.2
1.25.3
1.25.4
1.25.5
1.25.6
1.26.0
1.26.1
1.26.2
1.26.3
1.26.4
1.27.0-rc.0
1.27.0-rc.1
1.27.0
1.27.1
1.27.2
1.27.3
1.27.4
1.27.5
Packagist / mediawiki/core
Package
- Name
- mediawiki/core
- Purl
- pkg:composer/mediawiki/core
Packagist / mediawiki/core
Package
- Name
- mediawiki/core
- Purl
- pkg:composer/mediawiki/core
Packagist / mediawiki/core
Package
- Name
- mediawiki/core
- Purl
- pkg:composer/mediawiki/core