vulnerability
MediaWiki: Information Exposure (CVE-2015-8628)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:P/I:N/A:N) | Mar 23, 2017 | Aug 24, 2017 | Mar 7, 2024 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:P/I:N/A:N)
Published
Mar 23, 2017
Added
Aug 24, 2017
Modified
Mar 7, 2024
Description
The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics.
Solution
mediawiki-upgrade-latest
References
- CVE-2015-8628
- https://attackerkb.com/topics/CVE-2015-8628
- URL-http://www.openwall.com/lists/oss-security/2015/12/21/8
- URL-http://www.openwall.com/lists/oss-security/2015/12/23/7
- URL-https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html
- URL-https://phabricator.wikimedia.org/T109724
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.