← volver
CVE-2020-5302

unprivileged user can access priviledged action in MH-WikiBot

CVSS 8.2 HIGHEPSS 0.9%CWE-284
MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a bug that allowed any unprivileged user to access the steward commands on the IRC interface by impersonating the Nickname used by a privileged user as no check was made to see if they were logged in. The issue has been fixed in commit 23d9d5b0a59667a5d6816fdabb960b537a5f9ed1.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Productos afectados
examknow · MH-WikiBot

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/examknow/MH-WikiBot/compare/2eac90d...1a62da1https://github.com/examknow/MH-WikiBot/security/advisories/GHSA-7hf3-wvp8-34r9