Overview
- Description
- MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.
- Source
- secalert@redhat.com
- NVD status
- Analyzed
Risk scores
CVSS 3.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 3.6
- Exploitability score
- 2.8
- Vector string
- CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
- Severity
- MEDIUM
CVSS 2.0
- Type
- Primary
- Base score
- 4
- Impact score
- 2.9
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-284
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F26807BC-B2F2-480D-B5B1-C2D64933A0C8",
"versionEndIncluding": "1.23.14"
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7B418525-DAC2-461A-B931-BED05CC3AFBF"
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8C238723-5592-4F0F-869D-91B64DD14FBF"
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "22685E70-3EE0-484B-8A4C-139C28BDD2B1"
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "3BD0A725-B06B-456D-8A8B-9DA5468935FA"
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7ED98FFC-4397-4F27-AC36-BB7A42A92F89"
},
{
"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.27.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F75E06F7-6D23-4BEB-80B4-3DE33193CA95"
}
],
"operator": "OR"
}
]
}
]