CVE-2013-2032
Publication date 18 November 2013
Last updated 24 July 2024
Ubuntu priority
MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.
Status
Package | Ubuntu Release | Status |
---|---|---|
mediawiki | 18.04 LTS bionic |
Not affected
|
16.04 LTS xenial | Not in release | |
14.04 LTS trusty | Not in release | |
Patch details
Package | Patch details |
---|---|
mediawiki |
|