← Retour aux CVEs
CVE-2020-10534
CRITICAL9.8
Description
In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled.
Details CVE
Score CVSS v3.19.8
SeveriteCRITICAL
Vecteur CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Vecteur d'attaqueNETWORK
ComplexiteLOW
Privileges requisNONE
Interaction utilisateurNONE
Publie3/12/2020
Derniere modification11/21/2024
Sourcenvd
Observations honeypot0
Produits affectes
mediawiki:mediawiki
Faiblesses (CWE)
CWE-863
References
https://phabricator.wikimedia.org/T229731(cve@mitre.org)
https://gerrit.wikimedia.org/r/#/q/I9cc5fb2c08c78bbd797a5fc6d89f4577c8cc118b(af854a3a-2127-422b-91ae-364da2661108)
https://phabricator.wikimedia.org/T229731(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.