Description

MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.

Remediation

References

CVE-2016-6337

Related Vulnerabilities

OpenSSL Cryptographic Issues Vulnerability (CVE-2015-0204)

MySQL CVE-2016-8287 Vulnerability (CVE-2016-8287)

Apache Tomcat Other Vulnerability (CVE-2007-2449)

PHP Integer Overflow or Wraparound Vulnerability (CVE-2016-6207)

Jboss EAP Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2014-7853)

Severity

High

Classification

CVE-2016-6337 CWE-284 CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Tags

Missing Update Known Vulnerabilities