Home > Vulnerability Database > CVE-2020-15164

Mend.io Vulnerability Database

CVE-2020-15164

Good to know:

Date: August 28, 2020

in Scratch Login (MediaWiki extension) before version 1.1, any account can be logged into by using the same username with leading, trailing, or repeated underscore(s), since those are treated as whitespace and trimmed by MediaWiki. This affects all users on any wiki using this extension. Since version 1.1, comments by users whose usernames would be trimmed on MediaWiki are ignored when searching for the verification code.

Language: PHP

Severity Score

10.0

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2020-15164

Url: https://github.com/InternationalScratchWiki/mediawiki-scratch-login/security/advisories/GHSA-8fq5-g4m5-6j43

Url: https://github.com/InternationalScratchWiki/mediawiki-scratch-login/commit/70849ef375016a1061490c8c4744046dbfc3e679

Url: https://www.mend.io/vulnerability-database/CVE-2020-15164

Severity Score

10.0

Weakness Type (CWE)

Authentication Issues

CWE-287

Injection

CWE-74

Top Fix

Upgrade Version

Upgrade to version 1.1

Learn More

CVSS v3.1

Base Score:	10.0
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

CVSS v2

Base Score:	6.4
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2020-15164

Good to know:

Date: August 28, 2020

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?