Lucene search
Veracode Vulnerability DatabaseVERACODE:28386HistoryDec 06, 2020 - 4:19 a.m.
Rate Limiting Logic Error
2020-12-0604:19:45
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
14
mediawiki
rate limiting
vulnerability
oath
tokens
multiple sites
EPSS
0.002
Percentile
54.1%
MediaWiki is vulnerable to rate limiting logic error. Rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can still be made across many wikis/sites concurrently.
References
lists.fedoraproject.org/archives/list/[email protected]/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6/
lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html
lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html
phabricator.wikimedia.org/T251661
security-tracker.debian.org/tracker/CVE-2020-25827
Related
nessus
nessus
Debian DLA-2379-3 : mediawiki regression update
2020-09-28 00:00:00
Debian DSA-4767-1 : mediawiki - security update
2020-09-28 00:00:00
cvelist
cvelist
CVE-2020-25827
2020-09-27 20:43:20
debian
debian
[SECURITY] [DLA 2379-2] mediawiki regression update
2020-09-28 21:39:21
[SECURITY] [DLA 2379-3] mediawiki regression update
2020-11-21 05:18:37
[SECURITY] [DLA 2379-1] mediawiki security update
2020-09-26 01:26:02
friendsofphp
friendsofphp
TOTP throttle not enforced cross-wiki
1970-01-01 00:00:00
debiancve
debiancve
CVE-2020-25827
2020-09-27 21:15:12
cve
cve
CVE-2020-25827
2020-09-27 21:15:12
prion
prion
Code injection
2020-09-27 21:15:00
redhatcve
redhatcve
CVE-2020-25827
2020-12-02 18:47:10
osv
osv
BIT-mediawiki-2020-25827
2024-03-06 11:13:58
CVE-2020-25827
2020-09-27 21:15:12
mediawiki - security update
2020-09-25 00:00:00
ubuntucve
ubuntucve
CVE-2020-25827
2020-09-27 00:00:00
github
github
OATHAuth extension in MediaWiki is not implementing rate limit
2022-05-24 17:29:42
nvd
nvd
CVE-2020-25827
2020-09-27 21:15:12
openvas
openvas
Debian: Security Advisory (DLA-2379-1)
2020-09-26 00:00:00
Mageia: Security Advisory (MGASA-2020-0381)
2022-01-28 00:00:00
Debian: Security Advisory (DSA-4767-1)
2020-09-27 00:00:00
mageia
mageia
Updated mediawiki packages fix security vulnerability
2020-09-30 13:01:40
fedora
fedora
[SECURITY] Fedora 33 Update: php-zordius-lightncandy-1.2.5-1.fc33
2020-12-14 00:59:10
[SECURITY] Fedora 33 Update: php-wikimedia-assert-0.5.0-1.fc33
2020-12-14 00:59:10
[SECURITY] Fedora 33 Update: mediawiki-1.35.0-1.fc33
2020-12-14 00:59:10
altlinux
altlinux
Security fix for the ALT Linux 9 package mediawiki version 1.35.0-alt1
2020-10-14 00:00:00