Mediawiki: >> Mediawiki >> 1.27.7 Security Vulnerabilities
Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
CVSS Score
6.5
EPSS Score
0.002
Published
2019-07-10
Wikimedia MediaWiki through 1.32.1 allows CSRF.
CVSS Score
8.8
EPSS Score
0.002
Published
2019-07-10
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.
CVSS Score
9.8
EPSS Score
0.005
Published
2019-07-10
Page 17