CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2020-15164

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0770%
EPSS Percentile6.81th
Published2020年8月28日
Last Modified2024年11月21日

Vulnerability Description

in Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki. This affects all users on any wiki using this extension. Since version 1.1, comments by users whose usernames would be trimmed on MediaWiki are ignored when searching for the verification code.

Affected Platforms (CPE)

📦
Scratch Wiki

Scratch Login

< 1.1

References & Advisories

🔗 https://github.com/InternationalScratchWiki/mediawiki-scratch-login/commit/70849ef375016a1061490c8c4744046dbfc3e679
🔗 https://github.com/InternationalScratchWiki/mediawiki-scratch-login/security/advisories/GHSA-8fq5-g4m5-6j43
🔗 https://github.com/InternationalScratchWiki/mediawiki-scratch-login/commit/70849ef375016a1061490c8c4744046dbfc3e679
🔗 https://github.com/InternationalScratchWiki/mediawiki-scratch-login/security/advisories/GHSA-8fq5-g4m5-6j43

相關漏洞威脅

CVE-2021-294378.0

ScratchOAuth2 is an Oauth implementation for Scratch. Any ScratchOAuth2-related data normally accessible and modifiable by a user ...

CVE-2020-161410.0

A Use of Hard-coded Credentials vulnerability exists in the NFX250 Series for the vSRX Virtual Network Function (VNF) instance, wh...

CVE-2020-1249310.0

An open port used for debugging in SWARCOs CPU LS4000 Series with versions starting with G4... grants root access to the device wi...

CVE-2020-941110.0

The file transfer component of TIBCO Software Inc.'s TIBCO Managed File Transfer Platform Server for IBM i contains a vulnerabilit...