Mediawiki uses incorrect access control. It allows a spammer to send out unblockable or rate uncontrollable spam by using Special:ChangeEmail
.
CPE | Name | Operator | Version |
---|---|---|---|
mediawiki/core | le | 1.31.1 | |
mediawiki/core | le | 1.32.1 | |
mediawiki/core | le | 1.30.1 | |
mediawiki/core | le | 1.27.5 |
github.com/wikimedia/mediawiki/commit/18644ba726690ca282c289fad26c6db598f1efd5
github.com/wikimedia/mediawiki/commit/77dd088b11e315fa8a614bddd46b97a163b5949f
github.com/wikimedia/mediawiki/commit/a3a9b8d440c10e0f1937b20d36cd9e1004843197
github.com/wikimedia/mediawiki/commit/cc77292de64677e18ab8ccc6ff3f41358a9ec2ca
lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
phabricator.wikimedia.org/rMWcc77292de64677e18ab8ccc6ff3f41358a9ec2ca
phabricator.wikimedia.org/source/mediawiki/browse/REL1_29/RELEASE-NOTES-1.32