Vulnerability CVE-2016-6336


Published: 2017-04-20

Description:
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.

Vendor: Mediawiki
Product: Mediawiki 
Version:
1.27.0
1.26.4
1.26.3
1.26.2
1.26.1
1.26.0
1.23.14

CVSS2 => (AV:N/AC:L/Au:S/C:N/I:P/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
4/10
2.9/10
8/10
Exploit range
Attack complexity
Authentication
Remote
Low
Single time
Confidentiality impact
Integrity impact
Availability impact
None
Partial
None

 References:
https://bugzilla.redhat.com/show_bug.cgi?id=1369613
https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html
https://phabricator.wikimedia.org/T132926

Related CVE
CVE-2014-1686
MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation.
CVE-2017-0372
Parameters injection in the SyntaxHighlight extension of Mediawiki before 1.23.16, 1.27.3 and 1.28.2 might result in multiple vulnerabilities.
CVE-2017-0370
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw were Spam blacklist is ineffective on encoded URLs inside file inclusion syntax's link parameter.
CVE-2017-0369
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw, allowing a sysops to undelete pages, although the page is protected against it.
CVE-2017-0368
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw making rawHTML mode apply to system messages.
CVE-2017-0367
Mediawiki before 1.28.1 / 1.27.2 contains an unsafe use of temporary directory, where having LocalisationCache directory default to system tmp directory is insecure.
CVE-2017-0366
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a flaw allowing to evade SVG filter using default attribute values in DTD declaration.
CVE-2017-0365
Mediawiki before 1.28.1 / 1.27.2 / 1.23.16 contains a XSS vulnerability in SearchHighlighter::highlightText() with non-default configurations.

Copyright 2018, cxsecurity.com

 

Back to Top