CVE-2018-0505

Exploit

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock

Affected products Warnungen 0 Metrics 3 CWE 1 References 10

Data is provided by the National Vulnerability Database (NVD)

Mediawiki ≫ Mediawiki Version >= 1.31.0 < 1.31.1

Mediawiki ≫ Mediawiki Version1.27.5

Mediawiki ≫ Mediawiki Version1.29.3

Mediawiki ≫ Mediawiki Version1.30.1

Debian ≫ Debian Linux Version9.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.43%	0.618

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:P/A:N

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Third Party Advisory

VDB Entry

Patch

Vendor Advisory

Third Party Advisory

Patch

Third Party Advisory

Exploit

CVE Source (NVD)

CVE Source (JSON)

EUVD