CVE-2016-6336

{"id": "CVE-2016-6336", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV30": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.0", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2017-04-20T17:59:00.743", "references": [{"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1369613", "tags": ["Issue Tracking"], "source": "secalert@redhat.com"}, {"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2016-August/000195.html", "tags": ["Mailing List", "Patch", "Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "https://phabricator.wikimedia.org/T132926", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-284"}]}], "descriptions": [{"lang": "en", "value": "MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete."}, {"lang": "es", "value": "MediaWiki en versiones anteriores a 1.23.15, 1.26.x en versiones anteriores a 1.26.4, y 1.27.x en versiones anteriores a 1.27.1 permite a los usuarios autenticados remotos con permisos undelete eludir las restricciones destinadas a supresi\u00f3n y eliminaci\u00f3n de la revisi\u00f3n y eliminar el estado de eliminaci\u00f3n de revisi\u00f3n de las revisiones arbitrarias de archivos mediante el uso de Special:Undelete."}], "lastModified": "2017-04-24T20:25:05.943", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F26807BC-B2F2-480D-B5B1-C2D64933A0C8", "versionEndIncluding": "1.23.14"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7B418525-DAC2-461A-B931-BED05CC3AFBF"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C238723-5592-4F0F-869D-91B64DD14FBF"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "22685E70-3EE0-484B-8A4C-139C28BDD2B1"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3BD0A725-B06B-456D-8A8B-9DA5468935FA"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.26.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7ED98FFC-4397-4F27-AC36-BB7A42A92F89"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.27.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F75E06F7-6D23-4BEB-80B4-3DE33193CA95"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}