Description
In the GlobalBlocking extension before 2020-03-10 for MediaWiki through 1.34.0, an issue related to IP range evaluation resulted in blocked users re-gaining escalated privileges. This is related to the case in which an IP address is contained in two ranges, one of which is locally disabled.
References (2)
Core 2
Core References
Vendor Advisory x_refsource_misc
https://phabricator.wikimedia.org/T229731
Patch, Vendor Advisory x_refsource_misc
https://gerrit.wikimedia.org/r/#/q/I9cc5fb2c08c78bbd797a5fc6d89f4577c8cc118b
Scores
CVSS v3
9.8
EPSS
0.0032
EPSS Percentile
55.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Details
CWE
CWE-863
Status
published
Products (1)
mediawiki/mediawiki
< 1.34.0
Published
Mar 12, 2020
Tracked Since
Feb 18, 2026