← Back

CVE-2016-6336

nvd nist
Published: Apr 20, 2017Modified: May 13, 2026

JSON object

Loading...
6.5
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Exploitability: 2.8 / Impact: 3.6
Source: NVD

Description

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.

Affected (7)

Products: Mediawiki: Mediawiki
Mediawiki
1 product
Mediawiki
Configuration A
7 vulnerable
Vulnerable SoftwareAffected Versions
Mediawiki
Mediawiki
Up to 1.23.14
Mediawiki
Version 1.26.0
Mediawiki
Version 1.26.1
Mediawiki
Version 1.26.2
Mediawiki
Version 1.26.3
Mediawiki
Version 1.26.4
Mediawiki
Version 1.27.0

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (6)

Source: secalert@redhat.com
Issue Tracking
Source: secalert@redhat.com
Mailing ListPatchVendor Advisory
Source: secalert@redhat.com
PatchThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Issue Tracking
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchThird Party Advisory

Timeline

No history available yet.