CVE-2020-5302

Published: Apr 7, 2020Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Exploitability: 3.9 / Impact: 2.5

Source: NVD

Description

MH-WikiBot (an IRC Bot for interacting with the Miraheze API), had a bug that allowed any unprivileged user to access the steward commands on the IRC interface by impersonating the Nickname used by a privileged user as no check was made to see if they were logged in. The issue has been fixed in commit 23d9d5b0a59667a5d6816fdabb960b537a5f9ed1.

Affected (1)

Products: Mh Wikibot Project: Mh Wikibot

Mh Wikibot Project

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mh Wikibot Project Mh Wikibot	Before 2020-04-06

Related CWEs

Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

https://github.com/examknow/MH-WikiBot/compare/2eac90d...1a62da1

Source: security-advisories@github.com

https://github.com/examknow/MH-WikiBot/security/advisories/GHSA-7hf3-wvp8-34r9

Source: security-advisories@github.com

Third Party Advisory

https://github.com/examknow/MH-WikiBot/compare/2eac90d...1a62da1

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/examknow/MH-WikiBot/security/advisories/GHSA-7hf3-wvp8-34r9

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.