Candidate: CVE-2019-12472
PublicDate: 2019-07-10 16:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-12472
 https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
 https://phabricator.wikimedia.org/T199540
Description:
 An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki
 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range
 blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2,
 1.30.2 and 1.27.6.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N [7.5 HIGH]


Patches_mediawiki:
upstream_mediawiki: released (1:1.31.2-1)
precise/esm_mediawiki: DNE
trusty_mediawiki: ignored (out of standard support)
trusty/esm_mediawiki: DNE
xenial_mediawiki: DNE
bionic_mediawiki: needed
cosmic_mediawiki: ignored (reached end-of-life)
disco_mediawiki: ignored (reached end-of-life)
eoan_mediawiki: released (1:1.31.2-1)
focal_mediawiki: released (1:1.31.2-1)
groovy_mediawiki: released (1:1.31.2-1)
hirsute_mediawiki: released (1:1.31.2-1)
impish_mediawiki: released (1:1.31.2-1)
jammy_mediawiki: released (1:1.31.2-1)
devel_mediawiki: released (1:1.31.2-1)