CVE-2012-4380

EPSS 0.55%
Published 19.10.2017 21:29:00
Last modified 20.04.2025 01:37:25
Source secalert@redhat.com
Teams watchlist Login
Open Login

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors.

Affected products Warnungen 0 Metrics 3 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Mediawiki ≫ Mediawiki Version <= 1.18.4

Mediawiki ≫ Mediawiki Version1.19.0

Mediawiki ≫ Mediawiki Version1.19.1

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.55%	0.672

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:N/I:P/A:N

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

http://www.openwall.com/lists/oss-security/2012/08/31/10

Patch

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2012/08/31/6

Patch

Third Party Advisory

Mailing List

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330

Third Party Advisory

Issue Tracking

https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html

Patch

Vendor Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=853440

Issue Tracking

https://phabricator.wikimedia.org/T41824

Vendor Advisory

Issue Tracking

https://nvd.nist.gov/vuln/detail/CVE-2012-4380

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2012-4380

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2012-4380

EUVD