PT-2019-3447 · Wikimedia+1 · Mediawiki+1
Ohgi
·
Published
2019-06-07
·
Updated
2025-09-29
·
CVE-2019-12469
CVSS v3.1
6.5
Medium
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
MediaWiki versions prior to 1.32.2
MediaWiki versions prior to 1.31.2
MediaWiki versions prior to 1.30.2
MediaWiki versions prior to 1.27.6
Description
The issue is related to insufficient access control in MediaWiki, allowing a remote attacker to gain unauthorized access to information. Specifically, suppressed usernames or log in Special:EditTags are exposed.
Recommendations
For MediaWiki versions prior to 1.32.2, update to version 1.32.2 or later.
For MediaWiki versions prior to 1.31.2, update to version 1.31.2 or later.
For MediaWiki versions prior to 1.30.2, update to version 1.30.2 or later.
For MediaWiki versions prior to 1.27.6, update to version 1.27.6 or later.
Exploit
Fix
Information Disclosure
Improper Access Control
Missing Authorization
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Alt Linux
Mediawiki