CVE-2012-4380

high

Description

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors.

References

Advisories
More

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330

http://www.openwall.com/lists/oss-security/2012/08/31/6

http://www.openwall.com/lists/oss-security/2012/08/31/10

https://phabricator.wikimedia.org/T41824

https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html

https://bugzilla.redhat.com/show_bug.cgi?id=853440

Details

Source: Mitre, NVD

Published: 2017-10-19

Updated: 2025-04-20

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Severity: High

EPSS

EPSS: 0.00498

Detections

Analytics