Vulnerability CVE-2019-12472: Information
Description
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Fixed packages
Package name | Branch | Fixed in version | Version from repository | Errata ID | Task # | State |
---|---|---|---|---|---|---|
mediawiki | sisyphus | 1.29.0-alt1 | 1.40.1-alt2 | ALT-PU-2017-2095-1 | 187365 | Fixed |
mediawiki | p10 | 1.29.0-alt1 | 1.40.1-alt2 | ALT-PU-2017-2095-1 | 187365 | Fixed |
mediawiki | p9 | 1.32.2-alt1 | 1.36.1-alt1 | ALT-PU-2019-2054-1 | 231690 | Fixed |
mediawiki | c10f1 | 1.29.0-alt1 | 1.37.2-alt1 | ALT-PU-2017-2095-1 | 187365 | Fixed |
mediawiki | c9f2 | 1.32.2-alt1 | 1.34.1-alt2 | ALT-PU-2019-2054-1 | 231690 | Fixed |
References to Advisories, Solutions, and Tools
Hyperlink | Resource |
---|---|
https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html |
|
https://phabricator.wikimedia.org/T199540 |
|