CNNVD-202510-2703 Information
CNNVD ID
CNNVD-202510-2703
Related CVE
- CNNVD Published: 2025-10-21
Description (Chinese)
MediaWiki - Thanks Extension和MediaWiki - Growth Experiments Extension都是MediaWiki开源的产品。MediaWiki - Thanks Extension是一个致谢扩展。MediaWiki - Growth Experiments Extension是一个网页扩展。 MediaWiki - Thanks Extension和MediaWiki - Growth Experiments Extension 1.44之前版本存在安全漏洞,该漏洞源于默认权限不正确,可能导致访问未受ACLs适当约束的功能。
Description (English)
MediaWiki - Banks Extension and MediaWiki - Growth Exports Extension are both from MediaWiki open source products. MediaWiki - thanks Extension is an extension. MediaWiki - Growth Exports Extension is a web extension. There is a security loophole in the pre-modern version of MediaWiki - Tanks Extension and MediaWiki - Growth Exports Extension 1.44, which stems from incorrect default privileges, which may lead to access to functions that are not properly bound by ACLs.
Hazard Level
High
Vulnerability Type
其他
Affected Vendor
维基媒体
Published
2025-10-21
Last Modified
2026-02-24
References
https://gerrit.wikimedia.org/r/q/Ia584966bb7d4d707eef50529293aa3d468470f18 https://gerrit.wikimedia.org/r/q/Idbc1b5a288ffaa7074eedcbac066358a8ec649dc https://phabricator.wikimedia.org/T397497
Patch
https://phabricator.wikimedia.org/T397497
Share on: