Spoofing attack in MediaWiki - #VU81438
Published: October 3, 2023
Vulnerability identifier: #VU81438
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:P/PR:H/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: N/A
CWE-ID: CWE-451
Exploitation vector: Remote access
Exploit availability:
No public exploit available
Vendor: MediaWiki.org
Affected software:
MediaWiki
MediaWiki
Detailed vulnerability description
The vulnerability allows a remote user to perform spoofing attack.
The vulnerability exists due to incorrect processing of permissions, which leads to users with incorrect permissions to be incorrectly displayed.
Remediation
Install updates from vendor's website.