PT-2019-15536 · Mediawiki · Mediawiki Checkuser Extension

Umherirrender

Published

2019-10-29

Updated

2019-10-31

CVE-2019-18611

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions MediaWiki CheckUser extension versions through 1.34

Description An issue in the CheckUser extension for MediaWiki potentially exposed sensitive information within oversighted edit summaries to users with various levels of access. This sensitive information was made available via the MediaWiki API, allowing unauthorized access to data that should have been restricted.

Recommendations For MediaWiki CheckUser extension versions through 1.34, update to a version that fixes this issue to prevent unauthorized access to sensitive information.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

CVE-2019-18611

Affected Products

Mediawiki Checkuser Extension

PT-2019-15536 · Mediawiki · Mediawiki Checkuser Extension

CVE-2019-18611

Weakness Enumeration

Related Identifiers

Affected Products

References · 4