CVE-2020-10534 Information
Share on:
Feb 14, 2021
cve
Description
In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0 an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges one of which is locally disabled.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Reference
https://gerrit.wikimedia.org/r//q/I9cc5fb2c08c78bbd797a5fc6d89f4577c8cc118b https://phabricator.wikimedia.org/T229731
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
HIGH
Availability Impact
HIGH
Base Score
HIGH
Base Severity
9.8