Mediawiki BotPassword can bypass CentralAuth's account lock
Moderate severity
GitHub Reviewed
Published
May 13, 2022
to the GitHub Advisory Database
•
Updated May 15, 2024
Package
Affected versions
>= 1.27.0, < 1.27.5
>= 1.29.0, < 1.29.3
>= 1.30.0, < 1.30.1
>= 1.31.0, < 1.31.1
Patched versions
1.27.5
1.29.3
1.30.1
1.31.1
Description
Published by the National Vulnerability Database
Oct 4, 2018
Published to the GitHub Advisory Database
May 13, 2022
Reviewed
May 15, 2024
Last updated
May 15, 2024
Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuth's account lock
References