Lucene search

[email protected]NVD:CVE-2019-12468

HistoryJul 10, 2019 - 3:15 p.m.

CVE-2019-12468

2019-07-1015:15:12

CWE-306

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.1%

JSON

An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.

Affected configurations

NVD

Node

mediawikimediawikiRange1.27.0–1.32.1

Node

debiandebian_linuxMatch9.0

References

lists.wikimedia.org/pipermail/mediawiki-announce/

lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html

phabricator.wikimedia.org/T197279

seclists.org/bugtraq/2019/Jun/12

www.debian.org/security/2019/dsa-4460

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.5 High

AI Score

Confidence

High

0.009 Low

EPSS

Percentile

83.1%

JSON

Related for NVD:CVE-2019-12468

ubuntucve1 cvelist1 cve1 debiancve1 veracode1 prion1 osv2 friendsofphp1 github1 openvas4 freebsd1 debian1 nessus2 mageia1 altlinux1