Overview
- Description
- MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 3.6
- Exploitability score
- 3.9
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 5
- Impact score
- 2.9
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-200
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F26807BC-B2F2-480D-B5B1-C2D64933A0C8",
"versionEndIncluding": "1.23.14"
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7B418525-DAC2-461A-B931-BED05CC3AFBF"
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8C238723-5592-4F0F-869D-91B64DD14FBF"
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "22685E70-3EE0-484B-8A4C-139C28BDD2B1"
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3BD0A725-B06B-456D-8A8B-9DA5468935FA"
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7ED98FFC-4397-4F27-AC36-BB7A42A92F89"
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.27.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F75E06F7-6D23-4BEB-80B4-3DE33193CA95"
}
],
"operator": "OR"
}
]
}
]