DEBIAN-CVE-2013-2032

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/DEBIAN-CVE-2013-2032

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2013-2032.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2013-2032

Upstream

CVE-2013-2032

Published

2013-11-18T02:55:07Z

Modified

2025-09-25T00:31:14.063130Z

Summary

[none]

Details

MediaWiki before 1.19.6 and 1.20.x before 1.20.5 does not allow extensions to prevent password changes without using both Special:PasswordReset and Special:ChangePassword, which allows remote attackers to bypass the intended restrictions of an extension that only implements one of these blocks.

References

https://security-tracker.debian.org/tracker/CVE-2013-2032

Affected packages

Debian:11 / mediawiki

Package

Name: mediawiki
Purl: pkg:deb/debian/mediawiki?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.19.6-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:12 / mediawiki

Package

Name: mediawiki
Purl: pkg:deb/debian/mediawiki?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.19.6-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:13 / mediawiki

Package

Name: mediawiki
Purl: pkg:deb/debian/mediawiki?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.19.6-1

Ecosystem specific

{
    "urgency": "low"
}

Debian:14 / mediawiki

Package

Name: mediawiki
Purl: pkg:deb/debian/mediawiki?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1:1.19.6-1

Ecosystem specific

{
    "urgency": "low"
}