CVSS2: 2.3 Low (AV:A/AC:M/Au:S/C:N/I:N/A:P)

Metric | Value |
---|---|
Attack Vector | ADJACENT_NETWORK |
Attack Complexity | MEDIUM |
Authentication | SINGLE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

CVSS3: 7.5 High (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | HIGH |

EPSS: 0.003 Low (Percentile: 70.4%)
Mediawiki reports:

- (T285159, CVE-2023-PENDING) SECURITY: X-Forwarded-For header allows brute-forcing autoblocked IP addresses.
- (T326946, CVE-2020-36649) SECURITY: Bundled PapaParse copy in VisualEditor has known ReDoS.
- (T330086, CVE-2023-PENDING) SECURITY: OATHAuth allows replay attacks when MediaWiki is configured without ObjectCache; Insecure Default Configuration.

OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
FreeBSD | any | noarch | mediawiki135 | < 1.35.10 | UNKNOWN |
FreeBSD | any | noarch | mediawiki138 | < 1.38.6 | UNKNOWN |
FreeBSD | any | noarch | mediawiki139 | < 1.39.3 | UNKNOWN |