PT-2020-5772 · Mediawiki+1 · Mediawiki+1
Published: 2020-12-05 · Updated: 2024-03-06
CVE-2020-35480
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
MediaWiki versions prior to 1.35.1
Description:
MediaWiki incorrectly handles missing and hidden users, which can expose sensitive information about a user's hidden status to unprivileged viewers. A remote attacker can exploit this to gain access to confidential data. The problem exists in various code paths and affects the handling of users that the viewer cannot see, including missing users and users that have been explicitly hidden due to abusive behavior or similar reasons.
Recommendations:
For MediaWiki versions prior to 1.35.1, update to version 1.35.1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive information until the update can be applied.
Fix
Information Disclosure
Side Channel Attack
Related Identifiers
Affected Products
Alt Linux
Mediawiki