PT-2013-5080 · Mediawiki+1 · Mediawiki Cleanchanges Extension+1
Teles
·
Published
2013-12-13
·
Updated
2014-02-07
·
CVE-2013-4569
CVSS v2.0
4.3
Medium
| Vector | AV:N/AC:M/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
MediaWiki CleanChanges extension versions prior to 1.19.9
MediaWiki CleanChanges extension versions 1.20.x prior to 1.20.8
MediaWiki CleanChanges extension versions 1.21.x prior to 1.21.3
Description
The issue allows remote attackers to obtain sensitive information, specifically revision-deleted IPs, via the Recent Changes page when the "Group changes by page in recent changes and watchlist" option is enabled.
Recommendations
For versions prior to 1.19.9, update to version 1.19.9 or later.
For versions 1.20.x prior to 1.20.8, update to version 1.20.8 or later.
For versions 1.21.x prior to 1.21.3, update to version 1.21.3 or later.
Exploit
Fix
Information Disclosure
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Mediawiki Cleanchanges Extension