History: Apr 15, 2023 - 10:15 p.m.

CVE-2020-29007

2023-04-15 22:15:06
CWE-94
mitre
web.nvd.nist.gov
24
score extension
mediawiki
remote code execution
cve-2020-29007
nvd
vulnerability
gnu lilypond
sandboxing
executable
scheme
shell code
image data
musical scores

CVSS3: 9.8

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score: 9.7
Confidence: High

EPSS: 0.074
Percentile: 94.2%

The Score extension through 0.3.0 for MediaWiki has a remote code execution vulnerability due to improper sandboxing of the GNU LilyPond executable. This allows any user with an ability to edit articles (potentially including unauthenticated anonymous users) to execute arbitrary Scheme or shell code by using crafted {{Image data to generate musical scores containing malicious code.

Affected configurations

Nvd

Node: mediawiki score, Range 0.3.0, mediawiki

Vendor: mediawiki
Product: score
Version: *
CPE: cpe:2.3:a:mediawiki:score:*:*:*:*:*:mediawiki:*:*
