Published: 18/12/2020 Updated: 07/11/2023

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

An issue exists in MediaWiki prior to 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code paths.

Vulnerable Product	Search on Vulmon	Subscribe to Product
mediawiki mediawiki
debian debian linux 9.0
debian debian linux 10.0
fedoraproject fedora 33

Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting or the disclosure of hidden users For the stable distribution (buster), these problems have been fixed in version 1:13112-1~deb10u1 We recommend that you upgrade your mediawiki packages For the detailed sec ...

An issue was discovered in MediaWiki before 1351 Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers This exists on various code pa ...

CWE-203 https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html https://phabricator.wikimedia.org/T120883 https://www.debian.org/security/2020/dsa-4816 https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/https://nvd.nist.gov https://www.debian.org/security/2020/dsa-4816

CVE-2020-35480

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect