Lucene search
Veracode Vulnerability DatabaseVERACODE:20764HistoryJul 11, 2019 - 1:00 a.m.
Incorrect Access Control
2019-07-1101:00:18
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8
0.002 Low
EPSS
Percentile
56.9%
Mediawiki uses incorrect access control. It allows a spammer to send out unblockable or rate uncontrollable spam by using Special:ChangeEmail.
| CPE | Name | Operator | Version |
|---|---|---|---|
| mediawiki/core | le | 1.31.1 | |
| mediawiki/core | le | 1.32.1 | |
| mediawiki/core | le | 1.30.1 | |
| mediawiki/core | le | 1.27.5 |
References
github.com/wikimedia/mediawiki/commit/18644ba726690ca282c289fad26c6db598f1efd5
github.com/wikimedia/mediawiki/commit/77dd088b11e315fa8a614bddd46b97a163b5949f
github.com/wikimedia/mediawiki/commit/a3a9b8d440c10e0f1937b20d36cd9e1004843197
github.com/wikimedia/mediawiki/commit/cc77292de64677e18ab8ccc6ff3f41358a9ec2ca
lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
phabricator.wikimedia.org/rMWcc77292de64677e18ab8ccc6ff3f41358a9ec2ca
phabricator.wikimedia.org/source/mediawiki/browse/REL1_29/RELEASE-NOTES-1.32
Related
nvd
nvd
CVE-2019-12467
2019-07-10 15:15:12
ubuntucve
ubuntucve
CVE-2019-12467
2019-07-10 00:00:00
friendsofphp
friendsofphp
Need to make a limit of count of attempts to change email address
2019-05-30 20:55:13
cvelist
cvelist
CVE-2019-12467
2019-07-10 14:45:01
prion
prion
Improper access control
2019-07-10 15:15:00
osv
osv
CVE-2019-12467
2019-07-10 15:15:12
mediawiki - security update
2019-06-12 00:00:00
github
github
MediaWiki Incorrect Access Control vulnerability
2022-05-24 16:49:54
cve
cve
CVE-2019-12467
2019-07-10 15:15:12
debiancve
debiancve
CVE-2019-12467
2019-07-10 15:15:12
openvas
openvas
MediaWiki <= 1.32.1 Multiple Vulnerabilities - Linux
2019-07-16 00:00:00
MediaWiki <= 1.32.1 Multiple Vulnerabilities - Windows
2019-07-16 00:00:00
Debian: Security Advisory (DSA-4460-1)
2019-06-13 00:00:00
freebsd
freebsd
mediawiki -- multiple vulnerabilities
2019-04-23 00:00:00
mageia
mageia
Updated mediawiki packages fix security vulnerabilities
2019-09-15 17:45:31
nessus
nessus
Debian DSA-4460-1 : mediawiki - security update
2019-06-13 00:00:00
debian
debian
[SECURITY] [DSA 4460-1] mediawiki security update
2019-06-11 22:27:04
altlinux
altlinux
Security fix for the ALT Linux 9 package mediawiki version 1.32.2-alt1
2019-06-13 00:00:00