CVE-2018-0503
Severity CVSS v4.0:
Pending analysis
Type:
CWE-269
Improper Privilege Management
Publication date:
04/10/2018
Last modified:
18/10/2019
Description
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.
Impact
Base Score 3.x
4.30
Severity 3.x
MEDIUM
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:* | 1.31.0 (including) | 1.31.1 (excluding) |
| cpe:2.3:a:mediawiki:mediawiki:1.27.5:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mediawiki:mediawiki:1.29.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:mediawiki:mediawiki:1.30.1:*:*:*:*:*:*:* | ||
| cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.securitytracker.com/id/1041695
- https://access.redhat.com/errata/RHSA-2019:3142
- https://access.redhat.com/errata/RHSA-2019:3238
- https://access.redhat.com/errata/RHSA-2019:3813
- https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
- https://phabricator.wikimedia.org/T169545
- https://www.debian.org/security/2018/dsa-4301