MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:L/Au:S/C:N/I:P/A:N
Vendors Products
Mediawiki
  • Mediawiki

Configuration 1 [-]

OR cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.26.0:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.26.1:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.26.2:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.26.3:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.26.4:*:*:*:*:*:*:*
cpe:2.3:a:mediawiki:mediawiki:1.27.0:*:*:*:*:*:*:*
References
Link Resource
https://bugzilla.redhat.com/show_bug.cgi?id=1369613 Issue Tracking
https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html Mailing List Patch Vendor Advisory
https://phabricator.wikimedia.org/T132926 Patch Third Party Advisory
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2017-04-20T17:00:00

Updated: 2017-04-20T16:57:02

Reserved: 2016-07-26T00:00:00

Link: CVE-2016-6336

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2017-04-20T17:59:00.743

Modified: 2017-04-24T20:25:05.943

Link: CVE-2016-6336

JSON object: View

cve-icon Redhat Information

No data.

CWE