Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS02dmZnLThwcHYtaDVoZ84AAhPq
MediaWiki Incorrect Access Control vulnerability
MediaWiki through 1.32.1 has Incorrect Access Control (issue 1 of 3). A spammer can use Special:ChangeEmail to send out spam with no rate limiting or ability to block them. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Permalink: https://github.com/advisories/GHSA-6vfg-8ppv-h5hgJSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS02dmZnLThwcHYtaDVoZ84AAhPq
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: over 2 years ago
Updated: 4 months ago
CVSS Score: 5.3
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Identifiers: GHSA-6vfg-8ppv-h5hg, CVE-2019-12467
References:
- https://nvd.nist.gov/vuln/detail/CVE-2019-12467
- https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
- https://phabricator.wikimedia.org/T209794
- https://seclists.org/bugtraq/2019/Jun/12
- https://www.debian.org/security/2019/dsa-4460
- https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12467.yaml
- https://github.com/advisories/GHSA-6vfg-8ppv-h5hg
Affected Packages
packagist:mediawiki/core
Dependent packages: 4Dependent repositories: 10
Downloads: 3,024 total
Affected Version Ranges: >= 1.32.0, < 1.32.2, >= 1.31.0, < 1.31.2, >= 1.30.0, < 1.30.2, < 1.27.6
Fixed in: 1.32.2, 1.31.2, 1.30.2, 1.27.6
All affected versions: 1.20.3, 1.20.4, 1.20.5, 1.20.6, 1.20.7, 1.20.8, 1.21.0, 1.21.1, 1.21.2, 1.21.3, 1.21.4, 1.21.5, 1.21.6, 1.21.7, 1.21.8, 1.21.9, 1.21.10, 1.21.11, 1.24.0, 1.24.1, 1.24.2, 1.24.3, 1.24.4, 1.24.5, 1.24.6, 1.25.0, 1.25.1, 1.25.2, 1.25.3, 1.25.4, 1.25.5, 1.25.6, 1.26.0, 1.26.1, 1.26.2, 1.26.3, 1.26.4, 1.27.0, 1.27.1, 1.27.2, 1.27.3, 1.27.4, 1.27.5, 1.30.0, 1.30.1, 1.31.0, 1.31.1, 1.32.0, 1.32.1
All unaffected versions: 1.27.6, 1.27.7, 1.28.0, 1.28.1, 1.28.2, 1.28.3, 1.29.0, 1.29.1, 1.29.2, 1.29.3, 1.30.2, 1.31.2, 1.31.3, 1.31.4, 1.31.5, 1.31.6, 1.31.7, 1.31.8, 1.31.9, 1.31.10, 1.31.11, 1.31.12, 1.31.13, 1.31.14, 1.31.15, 1.31.16, 1.32.2, 1.32.3, 1.32.4, 1.32.5, 1.32.6, 1.33.0, 1.33.1, 1.33.2, 1.33.3, 1.33.4, 1.34.0, 1.34.1, 1.34.2, 1.34.3, 1.34.4, 1.35.0, 1.35.1, 1.35.2, 1.35.3, 1.35.4, 1.35.5, 1.35.6, 1.35.7, 1.35.8, 1.35.9, 1.35.10, 1.35.11, 1.35.12, 1.35.13, 1.35.14, 1.36.0, 1.36.1, 1.36.2, 1.36.3, 1.36.4, 1.37.0, 1.37.1, 1.37.2, 1.37.3, 1.37.4, 1.37.5, 1.37.6, 1.38.0, 1.38.1, 1.38.2, 1.38.3, 1.38.4, 1.38.5, 1.38.6, 1.38.7, 1.39.0, 1.39.1, 1.39.2, 1.39.3, 1.39.4, 1.39.5, 1.39.6, 1.39.7, 1.39.8, 1.40.0, 1.40.1, 1.40.2, 1.40.3, 1.40.4, 1.41.0, 1.41.1, 1.41.2, 1.42.0, 1.42.1