NVD

Id
28364  
Name
CVE-2015-8004  
Description
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to remove revision suppressions via a crafted revisiondelete action, which returns a valid a change form.  
Reject
 
CVSS Version
2  
CVSS Score
4  
Severity
Medium  
CVSS Base Score
4  
CVSS Impact Subscore
2.9  
CVSS Exploit Subscore
8  
CVSS Vector
(AV:N/AC:L/Au:S/C:N/I:P/A:N)  
Pub Date
2017-01-19  
Published
2015-11-09  
Modified Date
2015-11-10  
Seq
2015-8004  

Actions

Related NVD References

Id NVD Id NVD No. Reference Actions
149117 28364 CVE-2015-8004 1034028  View
149118 28364 CVE-2015-8004 [MediaWiki-announce] 20151016 Security Release: 1.25.3, 1.24.4 and 1.23.11  View
149119 28364 CVE-2015-8004 https://phabricator.wikimedia.org/T95589  View

Related JVN

Id Name Title Summary Cveinfo Name Cveinfo Id Nvdinfo Name Nvdinfo Id Cvssv2 Cvssv3 Jvnurl Published Date Last Updated Date Actions
10502 JVNDB-2015-005822 MediaWiki における改訂制限を解除される脆弱性 MediaWiki は、改訂へのアクセスを適切に制限しないため、改訂制限を解除される脆弱性が存在します。 CVE-2015-8004 85229 CVE-2015-8004 28364 4 http://jvndb.jvn.jp/ja/contents/2015/JVNDB-2015-005822.html 2015-10-16 2015-11-11 View