CVE-2015-8628

Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.23.12 MediaWiki versions 1.24.x prior to 1.24.5 MediaWiki versions 1.25.x prior to 1.25.4 MediaWiki versions 1.26.x prior to 1.26.1

Description The issue allows remote attackers to obtain sensitive user login information via crafted links combined with page view statistics on certain special pages, including Special:MyPage, Special:MyTalk, Special:MyContributions, Special:MyUploads, and Special:AllMyUploads.

Recommendations For MediaWiki versions prior to 1.23.12, update to version 1.23.12 or later. For MediaWiki versions 1.24.x prior to 1.24.5, update to version 1.24.5 or later. For MediaWiki versions 1.25.x prior to 1.25.4, update to version 1.25.4 or later. For MediaWiki versions 1.26.x prior to 1.26.1, update to version 1.26.1 or later.