CVE-2020-5302
HIGHmh-wikibot < 2020-04-06 - Unauthenticated Privilege Escalation via Nickname Impersonation
Title source: llmDescription
MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a bug that allowed any unprivileged user to access the steward commands on the IRC interface by impersonating the Nickname used by a privileged user as no check was made to see if they were logged in. The issue has been fixed in commit 23d9d5b0a59667a5d6816fdabb960b537a5f9ed1.
References (2)
Core 2
Core References
Third Party Advisory x_refsource_confirm
https://github.com/examknow/MH-WikiBot/security/advisories/GHSA-7hf3-wvp8-34r9
Various Sources x_refsource_misc
https://github.com/examknow/MH-WikiBot/compare/2eac90d...1a62da1
Scores
CVSS v3
8.2
EPSS
0.0087
EPSS Percentile
54.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:L/A:N
Details
CWE
CWE-269
CWE-284
Status
published
Products (1)
mh-wikibot_project/mh-wikibot
< 2020-04-06
Published
Apr 07, 2020
Tracked Since
Feb 18, 2026