Description
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock
Analysis
No analysis available yet.
Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).
| Vendor | Product | Default status | Versions | ||||||
|---|---|---|---|---|---|---|---|---|---|
| mediawiki | mediawiki | affected |
|
Configuration 1 [-]
|
Configuration 2 [-]
|
| Package | CPE | Advisory | Released Date |
|---|---|---|---|
| Red Hat OpenShift Container Platform 3.10 | |||
| mediawiki-0:1.27.7-1.el7 | cpe:/a:redhat:openshift:3.10::el7 | RHSA-2019:3238 | 2019-10-29T00:00:00Z |
| Red Hat OpenShift Container Platform 3.11 | |||
| mediawiki-0:1.27.7-1.el7 | cpe:/a:redhat:openshift:3.11::el7 | RHSA-2019:3142 | 2019-10-18T00:00:00Z |
| Red Hat OpenShift Container Platform 3.9 | |||
| mediawiki123-0:1.23.17-1.el7 | cpe:/a:redhat:openshift:3.9::el7 | RHSA-2019:3813 | 2019-11-07T00:00:00Z |
No data available yet.
Remediation
No remediation available yet.
Tracking
Sign in to view the affected projects.
Advisories
| Source | ID | Title |
|---|---|---|
 Debian DSA |
DSA-4301-1 | mediawiki security update |
 EUVD |
EUVD-2022-2560 | Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock |
 Github GHSA |
GHSA-5c6w-f4w2-2grp | Mediawiki BotPassword can bypass CentralAuth's account lock |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: debian
Published:
Updated: 2024-09-16T18:48:38.021Z
Reserved: 2017-11-27T00:00:00.000Z
Link: CVE-2018-0505
Vulnrichment
No data.
NVD
Status : Modified
Published: 2018-10-04T20:29:00.687
Modified: 2024-11-21T03:38:22.430
Link: CVE-2018-0505
Redhat
OpenCVE Enrichment
No data.