admin/cvelist
1
0
Fork 0
mirror of https://github.com/CVEProject/cvelist.git synced 2025-07-29 05:56:59 +00:00
Code Issues Packages Projects Releases Wiki Activity

"-Synchronized-Data."

Browse Source
This commit is contained in:
CVE Team 2020-09-27 21:01:32 +00:00
parent 2c95b0993b
commit 3516297386
No known key found for this signature in database
GPG Key ID: 5708902F06FEF743
10 changed files with 577 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

66
2020/25xxx/CVE-2020-25812.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25812",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25812",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in MediaWiki 1.34.x before 1.34.4. On Special:Contributions, the NS filter uses unescaped messages as keys in the option key for an HTMLForm specifier. This is vulnerable to a mild XSS if one of those messages is changed to include raw HTML."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592",
"refsource": "MISC",
"name": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ad4a3ba45fb955aa8c0eb3c83809b16b40a498b9/includes/specials/SpecialContributions.php#592"
},
{
"refsource": "CONFIRM",
"name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
},
{
"refsource": "MISC",
"name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
}
]
}

66
2020/25xxx/CVE-2020-25813.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25813",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25813",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, Special:UserRights exposes the existence of hidden users."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://meta.wikimedia.org/wiki/Special:UserRights",
"refsource": "MISC",
"name": "https://meta.wikimedia.org/wiki/Special:UserRights"
},
{
"refsource": "CONFIRM",
"name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
},
{
"refsource": "MISC",
"name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
}
]
}

66
2020/25xxx/CVE-2020-25814.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25814",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25814",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "In MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4, XSS related to jQuery can occur. The attacker creates a message with [javascript:payload xss] and turns it into a jQuery object with mw.message().parse(). The expected result is that the jQuery object does not contain an <a> tag (or it does not have a href attribute, or it's empty, etc.). The actual result is that the object contains an <a href =\"javascript... that executes when clicked."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg",
"refsource": "MISC",
"name": "https://www.mediawiki.org/wiki/ResourceLoader/Core_modules#mediawiki.jqueryMsg"
},
{
"refsource": "CONFIRM",
"name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
},
{
"refsource": "MISC",
"name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
}
]
}

66
2020/25xxx/CVE-2020-25815.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25815",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25815",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in MediaWiki 1.32.x through 1.34.x before 1.34.4. LogEventList::getFiltersDesc is insecurely using message text to build options names for an HTML multi-select field. The relevant code should use escaped() instead of text()."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214",
"refsource": "MISC",
"name": "https://gerrit.wikimedia.org/g/mediawiki/core/+/ec76e14be658187544f07c1a249a047e1a75eaf8/includes/logging/LogEventsList.php#214"
},
{
"refsource": "CONFIRM",
"name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
},
{
"refsource": "MISC",
"name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
}
]
}

66
2020/25xxx/CVE-2020-25827.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25827",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25827",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in the OATHAuth extension in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. For Wikis using OATHAuth on a farm/cluster (such as via CentralAuth), rate limiting of OATH tokens is only done on a single site level. Thus, multiple requests can be made across many wikis/sites concurrently."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://phabricator.wikimedia.org/T251661",
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T251661"
},
{
"refsource": "CONFIRM",
"name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
},
{
"refsource": "MISC",
"name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
}
]
}

66
2020/25xxx/CVE-2020-25828.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25828",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25828",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An issue was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. The non-jqueryMsg version of mw.message().parse() doesn't escape HTML. This affects both message contents (which are generally safe) and the parameters (which can be based on user input). (When jqueryMsg is loaded, it correctly accepts only whitelisted tags in message contents, and escapes all parameters. Situations with an unloaded jqueryMsg are rare in practice, but can for example occur for Special:SpecialPages on a wiki with no extensions installed.)"
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce",
"refsource": "MISC",
"name": "https://lists.wikimedia.org/pipermail/mediawiki-announce"
},
{
"refsource": "CONFIRM",
"name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
},
{
"refsource": "MISC",
"name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
}
]
}

66
2020/25xxx/CVE-2020-25869.json
View File

@ -1,17 +1,71 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-25869",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
"ID": "CVE-2020-25869",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
"value": "An information leak was discovered in MediaWiki before 1.31.10 and 1.32.x through 1.34.x before 1.34.4. Handling of actor ID does not necessarily use the correct database or correct wiki."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://phabricator.wikimedia.org/T260485",
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T260485"
},
{
"refsource": "CONFIRM",
"name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"
},
{
"refsource": "MISC",
"name": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html",
"url": "https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"
}
]
}

67
2020/26xxx/CVE-2020-26120.json Normal file
View File

@ -0,0 +1,67 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26120",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "XSS exists in the MobileFrontend extension for MediaWiki before 1.34.4 because section.line is mishandled during regex section line replacement from PageGateway. Using crafted HTML, an attacker can elicit an XSS attack via jQuery's parseHTML method, which can cause image callbacks to fire even without the element being appended to the DOM."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://phabricator.wikimedia.org/T262213",
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T262213"
},
{
"url": "https://gerrit.wikimedia.org/r/q/I42e079bc875d17b336ab015f3678eaedc26e10ea",
"refsource": "MISC",
"name": "https://gerrit.wikimedia.org/r/q/I42e079bc875d17b336ab015f3678eaedc26e10ea"
}
]
}
}

72
2020/26xxx/CVE-2020-26121.json Normal file
View File

@ -0,0 +1,72 @@
{
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-26121",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An issue was discovered in the FileImporter extension for MediaWiki before 1.34.4. An attacker can import a file even when the target page is protected against \"page creation\" and the attacker should not be able to create it. This occurs because of a mishandled distinction between an upload restriction and a create restriction. An attacker cannot leverage this to overwrite anything, but can leverage this to force a wiki to have a page with a disallowed title."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"url": "https://commons.wikimedia.org/w/index.php?oldid=454609892#File:Wiki.png",
"refsource": "MISC",
"name": "https://commons.wikimedia.org/w/index.php?oldid=454609892#File:Wiki.png"
},
{
"url": "https://phabricator.wikimedia.org/T262628",
"refsource": "MISC",
"name": "https://phabricator.wikimedia.org/T262628"
},
{
"url": "https://gerrit.wikimedia.org/r/q/Ib852a96afc4dca10516d0510e69c10f9892b351b",
"refsource": "MISC",
"name": "https://gerrit.wikimedia.org/r/q/Ib852a96afc4dca10516d0510e69c10f9892b351b"
}
]
}
}

18
2020/26xxx/CVE-2020-26122.json Normal file
View File

@ -0,0 +1,18 @@
{
"data_type": "CVE",
"data_format": "MITRE",
"data_version": "4.0",
"CVE_data_meta": {
"ID": "CVE-2020-26122",
"ASSIGNER": "cve@mitre.org",
"STATE": "RESERVED"
},
"description": {
"description_data": [
{
"lang": "eng",
"value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
}
]
}
}