An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented.
oryginał ENCVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HMediawiki
APPMediawiki≤ 1.36
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje
Powiązane podatności
CVE-2024-34502CRITICAL9.8PL ✓ten sam produkt
CSRF w WikibaseLexeme (MediaWiki) — nieuprawnione scalanie leksemów
CVE-2023-37303CRITICAL9.8ten sam produkt
An issue was discovered in the CheckUser extension for MediaWiki through 1.39.3. In certain situations, an att...
CVE-2023-29141CRITICAL9.8ten sam produkt
An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1....
CVE-2022-29906CRITICAL9.8ten sam produkt
The admin API module in the QuizGame extension for MediaWiki through 1.37.2 (before 665e33a68f6fa1167df99c0aa1...
CVE-2022-29904CRITICAL9.8ten sam produkt
The SemanticDrilldown extension for MediaWiki through 1.37.2 (before e688bdba6434591b5dff689a45e4d53459954773)...