Vulnerability Description
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| MediaWiki | MediaWiki | <= 1.18.4 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2012/08/31/10 (Mailing List, Patch, Third Party Advisory)
- http://www.openwall.com/lists/oss-security/2012/08/31/6 (Mailing List, Patch, Third Party Advisory)
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330 (Issue Tracking, Third Party Advisory)
- https://bugzilla.redhat.com/show_bug.cgi?id=853440 (Issue Tracking)
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html (Patch, Vendor Advisory)
- https://phabricator.wikimedia.org/T41824 (Issue Tracking, Vendor Advisory)
FAQ
What is CVE-2012-4380?
CVE-2012-4380 is a vulnerability with a CVSS score of 7.5 (HIGH). MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors.
How severe is CVE-2012-4380?
CVE-2012-4380 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2012-4380?
Check the references section above for vendor advisories and patch information. Affected products include: MediaWiki MediaWiki.