vulnerability
MediaWiki: Information Exposure (CVE-2012-4382)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:L/Au:S/C:P/I:N/A:N) | Oct 19, 2017 | Oct 23, 2019 | Mar 7, 2024 |
Severity
4
CVSS
(AV:N/AC:L/Au:S/C:P/I:N/A:N)
Published
Oct 19, 2017
Added
Oct 23, 2019
Modified
Mar 7, 2024
Description
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt.
Solution
mediawiki-upgrade-latest
References
- CVE-2012-4382
- https://attackerkb.com/topics/CVE-2012-4382
- URL-http://www.openwall.com/lists/oss-security/2012/08/31/10
- URL-http://www.openwall.com/lists/oss-security/2012/08/31/6
- URL-https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330
- URL-https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html
- URL-https://phabricator.wikimedia.org/T41823
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.