Description

In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled.

Remediation

References

CVE-2020-10534

Related Vulnerabilities

WordPress 4.7.x Cross-Domain Flash Injection Vulnerability (4.7 - 4.7.8)

Drupal Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2011-2714)

WordPress 4.4.x Multiple Vulnerabilities (4.4 - 4.4.12)

MySQL CVE-2020-2752 Vulnerability (CVE-2020-2752)

WordPress Plugin Itinerary Cross-Site Scripting (1.0.0)

Severity

Critical

Classification

CVE-2020-10534 CWE-269 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities