CVE-2018-0505

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains a flaw where BotPasswords can bypass CentralAuths account lock

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

Name	Vendor	Start Version	End Version
Mediawiki	Mediawiki	1.31.0 (including)	1.31.1 (excluding)
Mediawiki	Mediawiki	1.27.5 (including)	1.27.5 (including)
Mediawiki	Mediawiki	1.29.3 (including)	1.29.3 (including)
Mediawiki	Mediawiki	1.30.1 (including)	1.30.1 (including)
Red Hat OpenShift Container Platform 3.10	RedHat	mediawiki-0:1.27.7-1.el7	*
Red Hat OpenShift Container Platform 3.11	RedHat	mediawiki-0:1.27.7-1.el7	*
Red Hat OpenShift Container Platform 3.9	RedHat	mediawiki123-0:1.23.17-1.el7	*
Mediawiki	Ubuntu	bionic	*
Mediawiki	Ubuntu	esm-apps/bionic	*
Mediawiki	Ubuntu	trusty	*
Mediawiki	Ubuntu	upstream	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2018-0505
CWE	https://cwe.mitre.org/data/definitions/287.html

Improper Authentication