PT-2018-8864 · Wikimedia+1 · Mediawiki+1

Jjmc89

Published

2018-09-22

Updated

2022-05-13

CVE-2018-0504

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Mediawiki versions 1.31 before 1.31.1 Mediawiki version 1.30.1 Mediawiki version 1.29.3 Mediawiki version 1.27.5

Description The issue is related to an information disclosure flaw in the Special:Redirect/logid.

Recommendations For Mediawiki version 1.31 before 1.31.1, update to version 1.31.1 or later. For Mediawiki version 1.30.1, consider upgrading to a newer version. For Mediawiki version 1.29.3, consider upgrading to a newer version. For Mediawiki version 1.27.5, consider upgrading to a newer version.

Exploit

Fix

Insertion into Log File

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-532

Related Identifiers

ALT-PU-2018-2402

CVE-2018-0504

DSA-4301-1

GHSA-HR8V-F4G2-P66F

MGASA-2018-0433

RHSA-2019:3238

RHSA-2019:3813

Affected Products

Alt Linux

Mediawiki

PT-2018-8864 · Wikimedia+1 · Mediawiki+1

CVE-2018-0504

Weakness Enumeration

Related Identifiers

Affected Products

References · 36