vulnerability
MediaWiki: Information Exposure (CVE-2014-9481)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Jan 27, 2020 | Feb 7, 2020 | Mar 7, 2024 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
Jan 27, 2020
Added
Feb 7, 2020
Modified
Mar 7, 2024
Description
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
Solution(s)
mediawiki-upgrade-1_19_23mediawiki-upgrade-1_22_15mediawiki-upgrade-1_23_8mediawiki-upgrade-1_24_1
References
- CVE-2014-9481
- https://attackerkb.com/topics/CVE-2014-9481
- URL-http://www.openwall.com/lists/oss-security/2014/12/21/2
- URL-http://www.openwall.com/lists/oss-security/2015/01/03/13
- URL-https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html
- URL-https://phabricator.wikimedia.org/T73167
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.