PT-2019-15536 · Mediawiki · Mediawiki Checkuser Extension

Umherirrender

Publicado

2019-10-29

Atualizado

2019-10-31

CVE-2019-18611

CVSS v3.1

6.5

Média

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions MediaWiki CheckUser extension versions through 1.34

Description An issue in the CheckUser extension for MediaWiki potentially exposed sensitive information within oversighted edit summaries to users with various levels of access. This sensitive information was made available via the MediaWiki API, allowing unauthorized access to data that should have been restricted.

Recommendations For MediaWiki CheckUser extension versions through 1.34, update to a version that fixes this issue to prevent unauthorized access to sensitive information.

Correção

Information Disclosure

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-200

Identificadores relacionados

CVE-2019-18611

Produtos afetados

Mediawiki Checkuser Extension

PT-2019-15536 · Mediawiki · Mediawiki Checkuser Extension

CVE-2019-18611

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 4