{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2020-06-02T13:52:22", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://phabricator.wikimedia.org/T232932"}, {"tags": ["x_refsource_MISC"], "url": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725"}, {"tags": ["x_refsource_MISC"], "url": "https://phabricator.wikimedia.org/T240393"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2020-10959", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://phabricator.wikimedia.org/T232932", "refsource": "MISC", "url": "https://phabricator.wikimedia.org/T232932"}, {"name": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725", "refsource": "MISC", "url": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725"}, {"name": "https://phabricator.wikimedia.org/T240393", "refsource": "MISC", "url": "https://phabricator.wikimedia.org/T240393"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:21:14.656Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://phabricator.wikimedia.org/T232932"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://phabricator.wikimedia.org/T240393"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2020-10959", "datePublished": "2020-06-02T13:52:22", "dateReserved": "2020-03-25T00:00:00", "dateUpdated": "2024-08-04T11:21:14.656Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "matchCriteriaId": "640D348A-3B0B-4670-931C-1CF560E779B0", "versionEndExcluding": "1.35", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page."}, {"lang": "es", "value": "En el archivo resources/src/mediawiki.page.ready/ready.js en MediaWiki versiones anteriores a 1.35, permite a atacantes remotos forzar un cierre de sesi\u00f3n y una redirecci\u00f3n externa por medio del contenido HTML en una p\u00e1gina de MediaWiki."}], "id": "CVE-2020-10959", "lastModified": "2024-11-21T04:56:27.397", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-06-02T14:15:10.507", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://phabricator.wikimedia.org/T232932"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://phabricator.wikimedia.org/T240393"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://gerrit.wikimedia.org/r/c/mediawiki/core/+/536725"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Patch", "Third Party Advisory"], "url": "https://phabricator.wikimedia.org/T232932"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://phabricator.wikimedia.org/T240393"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-601"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "mediawiki: user content can redirect the logout button to different URL", "id": "1826079", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1826079"}, "csaw": false, "cvss3": {"cvss3_base_score": "5.4", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N", "status": "draft"}, "cwe": "CWE-601", "details": ["resources/src/mediawiki.page.ready/ready.js in MediaWiki before 1.35 allows remote attackers to force a logout and external redirection via HTML content in a MediaWiki page.", "A flaw was found in MediaWiki, where an attacker can control the MediaWiki logout redirect URL. This flaw allows an attacker with the ability to create wiki pages, to change the logout URL that a user is redirected to when logging out."], "name": "CVE-2020-10959", "package_state": [{"cpe": "cpe:/a:redhat:openshift:3.11", "fix_state": "Will not fix", "package_name": "mediawiki", "product_name": "Red Hat OpenShift Container Platform 3.11"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "mediawiki", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2019-09-14T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-10959\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10959"], "statement": "The MediaWiki Ansible playbook has been removed from OpenShift Container Platform in version 4.3 and later.", "threat_severity": "Moderate", "upstream_fix": "mediawiki 1.34.0"}