Vulnerability in Gentoo Linux
CVE-2013-2032
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions o…
EPSS: 0.007 (73.4th percentile) — read the EPSS interpretation.
Affected products
- Gentoo Linux
- Mediawiki — versions 1.1.0, 1.10.0, 1.10.1
- Fedoraproject Fedora — versions 17, 18, 19
- N/a — versions n/a
Weakness classification (CWE)
References
- FEDORA-2013-7714 (x_refsource_FEDORA, vendor-advisory, Third Party Advisory)
- 55433 (x_refsource_SECUNIA, third-party-advisory)
- FEDORA-2013-7654 (x_refsource_FEDORA, vendor-advisory, Third Party Advisory)
- FEDORA-2013-7701 (x_refsource_FEDORA, vendor-advisory, Third Party Advisory)
- GLSA-201310-21 (vendor-advisory, Third Party Advisory, x_refsource_GENTOO)
- [MediaWiki-announce] 20130430 MediaWiki Security Release: 1.20.5 and 1.19.6 (mailing-list, x_refsource_MLIST, Patch)
- secalert@redhat.com (x_refsource_CONFIRM, Patch, Issue Tracking)