PT-2021-11622 · Mediawiki · Push Extension
Tosfos · Published 2020-10-10 · Updated 2024-03-06 · CVE-2020-29005
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions:
MediaWiki versions through 1.35
Description:
The issue concerns the API in the Push extension for MediaWiki, which used cleartext for ApiPush credentials. This could potentially lead to information disclosure.
Recommendations:
For MediaWiki versions through 1.35, consider disabling the Push extension until a secure version is available to prevent potential information disclosure. Restrict access to the API endpoints related to the Push extension to minimize the risk of exploitation. Avoid using cleartext credentials in the ApiPush configuration until the issue is resolved.
Fix
Cleartext Transmission of Sensitive Information
Insufficiently Protected Credentials
Affected Products
Alt Linux
Mediawiki
Push Extension