CVE-2016-6336
6.5
MEDIUM
CVSS 3.1
EPSS 0.10%
Description
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.
How to fix CVE-2016-6336
To remediate CVE-2016-6336, upgrade the affected package to the fixed version listed below.
- Debian/mediawiki: upgrade to 1:1.27.1-1 or later
Is CVE-2016-6336 being exploited?
Low — EPSS is 0.1%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1:1.27.1-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 6.5 | CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N |