CVE-2020-5302 Information

Description

MH-WikiBot (an IRC Bot for interacting with the Miraheze API) had a bug that allowed any unprivileged user to access the steward commands on the IRC interface by impersonating the Nickname used by a privileged user as no check was made to see if they were logged in. The issue has been fixed in commit 23d9d5b0a59667a5d6816fdabb960b537a5f9ed1.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Reference

https://github.com/examknow/MH-WikiBot/compare/2eac90d…1a62da1 https://github.com/examknow/MH-WikiBot/security/advisories/GHSA-7hf3-wvp8-34r9

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

LOW

Base Score

NONE

Base Severity

6.5