Candidate: CVE-2018-0505
PublicDate: 2018-10-04 20:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-0505
 https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
 https://phabricator.wikimedia.org/T194605
Description:
 Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw
 where BotPasswords can bypass CentralAuth's account lock
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N [6.5 MEDIUM]


Patches_mediawiki:
upstream_mediawiki: released (1:1.31.1-1)
precise/esm_mediawiki: DNE
trusty_mediawiki: ignored (reached end-of-life)
trusty/esm_mediawiki: DNE (trusty was needs-triage)
xenial_mediawiki: DNE
bionic_mediawiki: needed
cosmic_mediawiki: not-affected (1:1.31.1-2)
disco_mediawiki: not-affected (1:1.31.1-2)
eoan_mediawiki: not-affected (1:1.31.1-2)
focal_mediawiki: not-affected (1:1.31.1-2)
groovy_mediawiki: not-affected (1:1.31.1-2)
hirsute_mediawiki: not-affected (1:1.31.1-2)
impish_mediawiki: not-affected (1:1.31.1-2)
jammy_mediawiki: not-affected (1:1.31.1-2)
devel_mediawiki: not-affected (1:1.31.1-2)