CVE-2018-0503 Information

Description

Mediawiki 1.31 before 1.31.1 1.30.1 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation $wgRateLimits entry for ‘user’ overrides that for ’newbie’.

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Reference

http://www.securitytracker.com/id/1041695 https://access.redhat.com/errata/RHSA-2019:3142 https://access.redhat.com/errata/RHSA-2019:3238 https://access.redhat.com/errata/RHSA-2019:3813 https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html https://phabricator.wikimedia.org/T169545 https://www.debian.org/security/2018/dsa-4301

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

LOW

Base Score

NONE

Base Severity

4.3