CVE-2018-0505: Improper Authentication in Mediawiki

Severity: 6.5 MEDIUM (NVD)
EPSS: 0.4% (top 37.55%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 4 | Latest update May 13

Description

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 | Impact: 3.6

Affected Packages (5 packages)

Packagist | mediawiki/core | 1.27.0 | 1.27.5 | +3
debian | debian/mediawiki | < mediawiki 1:1.31.1-1 (bookworm)
NVD | mediawiki/mediawiki | 1.31.0 | 1.31.1 | +3
Debian | mediawiki/mediawiki | < 1:1.31.1-1 | +3
CVEListV5 | mediawiki/mediawiki | before 1.31.1, 1.30.1, 1.29.3 and 1.27.5

Also affects: Debian Linux 9.0

Patches

🔴 Vulnerability Details (3)

OSV: Mediawiki BotPassword can bypass CentralAuth's account lock (2022-05-13)
GHSA: Mediawiki BotPassword can bypass CentralAuth's account lock (2022-05-13)
OSV: CVE-2018-0505: Mediawiki 1 (2018-10-04)

📋 Vendor Advisories (2)

Red Hat: mediawiki: BotPassword can bypass CentralAuth's account lock (2018-09-24)
Debian: CVE-2018-0505: mediawiki - Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where Bo... (2018)

💬 Community (2)

Bugzilla: CVE-2018-0505 mediawiki: BotPassword can bypass CentralAuth's account lock (2018-09-28)
Bugzilla: CVE-2018-0505 mediawiki: BotPassword can bypass CentralAuth's account lock [fedora-all] (2018-09-28)
CVE-2018-0505 — Improper Authentication in Mediawiki | cvebase