CERTFR-2015-AVI-566
Vulnerability from certfr_avis
Multiple vulnerabilities have been fixed in MediaWiki. Some of them allow an attacker to bypass the security policy, compromise data integrity, and compromise data confidentiality.
Temporary workaround
Refer to the vendor's security bulletin to obtain the fixes (see the Documentation section).
Impacted products
MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [],
"affected_systems_content": "\u003cP\u003eMediaWiki 1.26.1, 1.25.4, 1.24.5 et 1.23.12\u003c/P\u003e",
"content": "## Contournement provisoire\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2015-8627",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8627"
},
{
"name": "CVE-2015-8626",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8626"
},
{
"name": "CVE-2015-8623",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8623"
},
{
"name": "CVE-2015-8625",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8625"
},
{
"name": "CVE-2015-8628",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8628"
},
{
"name": "CVE-2015-8624",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8624"
},
{
"name": "CVE-2015-8622",
"url": "https://www.cve.org/CVERecord?id=CVE-2015-8622"
}
],
"initial_release_date": "2015-12-29T00:00:00",
"last_revision_date": "2015-12-29T00:00:00",
"links": [],
"reference": "CERTFR-2015-AVI-566",
"revisions": [
{
"description": "version initiale.",
"revision_date": "2015-12-29T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Injection de code indirecte \u00e0 distance"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 corrig\u00e9es dans \u003cspan\nclass=\"textit\"\u003eMediawiki\u003c/span\u003e. Certaines d\u0027entre elles permettent \u00e0 un\nattaquant de provoquer un contournement de la politique de s\u00e9curit\u00e9, une\natteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es et une atteinte \u00e0 la confidentialit\u00e9\ndes donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans Mediawiki",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mediawiki T117899 du 23 d\u00e9cembre 2015",
"url": "https://phabricator.wikimedia.org/T117899"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mediawiki T115522 du 23 d\u00e9cembre 2015",
"url": "https://phabricator.wikimedia.org/T115522"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mediawiki T109724 du 23 d\u00e9cembre 2015",
"url": "https://phabricator.wikimedia.org/T109724"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mediawiki T119309 du 23 d\u00e9cembre 2015",
"url": "https://phabricator.wikimedia.org/T119309"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mediawiki T118032 du 23 d\u00e9cembre 2015",
"url": "https://phabricator.wikimedia.org/T118032"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Mediawiki T97897 du 23 d\u00e9cembre 2015",
"url": "https://phabricator.wikimedia.org/T97897"
}
]
}
CVE-2015-8625 (GCVE-0-2015-8625)
Vulnerability from cvelistv5
Published
2017-03-23 20:00
Modified
2024-08-06 08:20
CWE
- n/a
Summary
MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:43.531Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
},
{
"name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://phabricator.wikimedia.org/T118032"
},
{
"name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-23T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
},
{
"name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://phabricator.wikimedia.org/T118032"
},
{
"name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8625",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly sanitize parameters when calling the cURL library, which allows remote attackers to read arbitrary files via an @ (at sign) character in unspecified POST array parameters."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"refsource": "MLIST",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
},
{
"name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
},
{
"name": "https://phabricator.wikimedia.org/T118032",
"refsource": "CONFIRM",
"url": "https://phabricator.wikimedia.org/T118032"
},
{
"name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8625",
"datePublished": "2017-03-23T20:00:00",
"dateReserved": "2015-12-23T00:00:00",
"dateUpdated": "2024-08-06T08:20:43.531Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8627 (GCVE-0-2015-8627)
Vulnerability from cvelistv5
Published
2017-03-23 20:00
Modified
2024-08-06 08:20
CWE
- n/a
Summary
MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not supposed to have been allowed.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:43.575Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://phabricator.wikimedia.org/T97897"
},
{
"name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
},
{
"name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
},
{
"name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not supposed to have been allowed."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-23T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://phabricator.wikimedia.org/T97897"
},
{
"name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
},
{
"name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
},
{
"name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 do not properly normalize IP addresses containing zero-padded octets, which might allow remote attackers to bypass intended access restrictions by using an IP address that was not supposed to have been allowed."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://phabricator.wikimedia.org/T97897",
"refsource": "CONFIRM",
"url": "https://phabricator.wikimedia.org/T97897"
},
{
"name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"refsource": "MLIST",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
},
{
"name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
},
{
"name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8627",
"datePublished": "2017-03-23T20:00:00",
"dateReserved": "2015-12-23T00:00:00",
"dateUpdated": "2024-08-06T08:20:43.575Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8624 (GCVE-0-2015-8624)
Vulnerability from cvelistv5
Published
2017-03-23 20:00
Modified
2024-08-06 08:20
CWE
- n/a
Summary
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:43.559Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
},
{
"name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://phabricator.wikimedia.org/T119309"
},
{
"name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-23T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
},
{
"name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://phabricator.wikimedia.org/T119309"
},
{
"name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8624",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"refsource": "MLIST",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
},
{
"name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
},
{
"name": "https://phabricator.wikimedia.org/T119309",
"refsource": "CONFIRM",
"url": "https://phabricator.wikimedia.org/T119309"
},
{
"name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8624",
"datePublished": "2017-03-23T20:00:00",
"dateReserved": "2015-12-23T00:00:00",
"dateUpdated": "2024-08-06T08:20:43.559Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8628 (GCVE-0-2015-8628)
Vulnerability from cvelistv5
Published
2017-03-23 20:00
Modified
2024-08-06 08:20
CWE
- n/a
Summary
The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:43.576Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
},
{
"name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://phabricator.wikimedia.org/T109724"
},
{
"name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-23T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
},
{
"name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://phabricator.wikimedia.org/T109724"
},
{
"name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"refsource": "MLIST",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
},
{
"name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
},
{
"name": "https://phabricator.wikimedia.org/T109724",
"refsource": "CONFIRM",
"url": "https://phabricator.wikimedia.org/T109724"
},
{
"name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8628",
"datePublished": "2017-03-23T20:00:00",
"dateReserved": "2015-12-23T00:00:00",
"dateUpdated": "2024-08-06T08:20:43.576Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8622 (GCVE-0-2015-8622)
Vulnerability from cvelistv5
Published
2017-03-23 20:00
Modified
2024-08-06 08:20
CWE
- n/a
Summary
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to a page named "javascript:alert('XSS!')."
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:43.681Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
},
{
"name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://phabricator.wikimedia.org/T117899"
},
{
"name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to a page named \"javascript:alert(\u0027XSS!\u0027).\""
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-23T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
},
{
"name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://phabricator.wikimedia.org/T117899"
},
{
"name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8622",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Cross-site scripting (XSS) vulnerability in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1, when is configured with a relative URL, allows remote authenticated users to inject arbitrary web script or HTML via wikitext, as demonstrated by a wikilink to a page named \"javascript:alert(\u0027XSS!\u0027).\""
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"refsource": "MLIST",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
},
{
"name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
},
{
"name": "https://phabricator.wikimedia.org/T117899",
"refsource": "CONFIRM",
"url": "https://phabricator.wikimedia.org/T117899"
},
{
"name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8622",
"datePublished": "2017-03-23T20:00:00",
"dateReserved": "2015-12-23T00:00:00",
"dateUpdated": "2024-08-06T08:20:43.681Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8623 (GCVE-0-2015-8623)
Vulnerability from cvelistv5
Published
2017-03-23 20:00
Modified
2024-08-06 08:20
CWE
- n/a
Summary
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624.
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:43.473Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
},
{
"name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://phabricator.wikimedia.org/T119309"
},
{
"name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://gerrit.wikimedia.org/r/#/c/156336/5/includes/User.php"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-23T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
},
{
"name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://phabricator.wikimedia.org/T119309"
},
{
"name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://gerrit.wikimedia.org/r/#/c/156336/5/includes/User.php"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8623",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12 and 1.24.x before 1.24.5 does not perform token comparison in constant time before returning, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8624."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"refsource": "MLIST",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
},
{
"name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
},
{
"name": "https://phabricator.wikimedia.org/T119309",
"refsource": "CONFIRM",
"url": "https://phabricator.wikimedia.org/T119309"
},
{
"name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
},
{
"name": "https://gerrit.wikimedia.org/r/#/c/156336/5/includes/User.php",
"refsource": "CONFIRM",
"url": "https://gerrit.wikimedia.org/r/#/c/156336/5/includes/User.php"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8623",
"datePublished": "2017-03-23T20:00:00",
"dateReserved": "2015-12-23T00:00:00",
"dateUpdated": "2024-08-06T08:20:43.473Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2015-8626 (GCVE-0-2015-8626)
Vulnerability from cvelistv5
Published: 2017-03-23 20:00
Modified: 2024-08-06 08:20
CWE
- n/a
Summary
The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T08:20:43.535Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
},
{
"name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
},
{
"name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://phabricator.wikimedia.org/T115522"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2015-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-03-23T19:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
},
{
"name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
},
{
"name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://phabricator.wikimedia.org/T115522"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2015-8626",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "The User::randomPassword function in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 generates passwords smaller than $wgMinimalPasswordLength, which makes it easier for remote attackers to obtain access via a brute-force attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[MediaWiki-announce] 20151221 [MediaWiki-announce] Security Release: 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"refsource": "MLIST",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html"
},
{
"name": "[oss-security] 20151223 Re: CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/23/7"
},
{
"name": "[oss-security] 20151221 CVE requests for MediaWiki 1.26.1, 1.25.4, 1.24.5 and 1.23.12",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2015/12/21/8"
},
{
"name": "https://phabricator.wikimedia.org/T115522",
"refsource": "CONFIRM",
"url": "https://phabricator.wikimedia.org/T115522"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2015-8626",
"datePublished": "2017-03-23T20:00:00",
"dateReserved": "2015-12-23T00:00:00",
"dateUpdated": "2024-08-06T08:20:43.535Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Sightings
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.