vulnerability

MediaWiki: Information Exposure (CVE-2021-46148)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	Jan 10, 2022	Jan 17, 2022	Mar 7, 2024

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Jan 10, 2022

Added

Jan 17, 2022

Modified

Mar 7, 2024

Description

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Some unprivileged users can view confidential information (e.g., IP addresses and User-Agent headers for election traffic) on a testwiki SecurePoll instance.

Solutions

mediawiki-upgrade-1_35_5mediawiki-upgrade-1_36_3mediawiki-upgrade-1_37_1

References

CVE-2021-46148
https://attackerkb.com/topics/CVE-2021-46148
URL-https://gerrit.wikimedia.org/r/q/Ib2715adb281f8892b586dcb1895e87ac0eb548b0
URL-https://phabricator.wikimedia.org/T290808
URL-https://phabricator.wikimedia.org/T290856

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today