Mediawiki 1.31.16 Security Vulnerabilities
In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled.
CVSS Score: 9.8
EPSS Score: 0.012
Published: 2020-03-12
MediaWiki through 1.33.1 allows attackers to bypass the Title_blacklist protection mechanism by starting with an arbitrary title, establishing a non-resolvable redirect for the associated page, and using redirect=1 in the action API when editing that page.
CVSS Score: 6.1
EPSS Score: 0.016
Published: 2019-12-11
Wikimedia MediaWiki through 1.32.1 allows CSRF.
CVSS Score: 8.8
EPSS Score: 0.008
Published: 2019-07-10
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.
CVSS Score: 9.8
EPSS Score: 0.034
Published: 2019-07-10


Shodan ® - All rights reserved