Published: 12/05/2014 Updated: 13/05/2014

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

MediaWiki prior to 1.19.10, 1.2x prior to 1.21.4, and 1.22.x prior to 1.22.1 allows remote malicious users to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mediawiki mediawiki 1.22.0
mediawiki mediawiki 1.19
mediawiki mediawiki 1.19.0
mediawiki mediawiki 1.19.7
mediawiki mediawiki
mediawiki mediawiki 1.19.1
mediawiki mediawiki 1.19.6
mediawiki mediawiki 1.19.8
mediawiki mediawiki 1.19.2
mediawiki mediawiki 1.19.3
mediawiki mediawiki 1.19.4
mediawiki mediawiki 1.19.5
mediawiki mediawiki 1.21.3
mediawiki mediawiki 1.21
mediawiki mediawiki 1.21.1
mediawiki mediawiki 1.21.2

Debian Bug report logs - #742857 mediawiki: login CSRF in Special:ChangePassword Package: mediawiki; Maintainer for mediawiki is Kunal Mehta <legoktm@debianorg>; Source for mediawiki is src:mediawiki (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> Date: Fri, 28 Mar 2014 07:03:01 UTC Severity: importan ...

Several vulnerabilities were discovered in MediaWiki, a wiki engine The Common Vulnerabilities and Exposures project identifies the following issues: CVE-2013-2031 Cross-site scripting attack via valid UTF-7 encoded sequences in a SVG file CVE-2013-4567 & CVE-2013-4568 Kevin Israel (Wikipedia user PleaseStand) reported two wa ...

CWE-200 http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html https://nvd.nist.gov https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742857 https://www.debian.org/security/./dsa-2891

CVE-2013-6472

Vulnerability Summary

Vendor Advisories

References

Vulmon Search

About

Products

Connect