CVE-2018-0503

MEDIUM4.3EPSS 0.38%

Mediawiki Improper Privilege Management

Published: 5/13/2022Modified: 4/28/2026

Also known as:GHSA-mhfv-9h99-jwg7DEBIAN-CVE-2018-0503

Description

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where contrary to the documentation, $wgRateLimits entry for 'user' overrides that for 'newbie'.

Affected packages (3)

Debian/mediawikifrom 0, < 1:1.31.1-1
Debian/mediawikifrom 0, < 1:1.27.5-1~deb9u1
Packagist/mediawiki/core>= 1.27.0, < 1.27.5

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References (11)

ADVISORYhttps://nvd.nist.gov/vuln/detail/CVE-2018-0503
ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2018-0503
PATCHhttps://github.com/wikimedia/mediawiki
WEBhttps://access.redhat.com/errata/RHSA-2019:3142
WEBhttps://access.redhat.com/errata/RHSA-2019:3238
WEBhttps://access.redhat.com/errata/RHSA-2019:3813
WEBhttps://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2018-0503.yaml
WEBhttps://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
WEBhttps://phabricator.wikimedia.org/T169545
WEBhttps://www.debian.org/security/2018/dsa-4301
WEBhttp://www.securitytracker.com/id/1041695