MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt.
References
Link | Resource |
---|---|
https://phabricator.wikimedia.org/T41823 | Issue Tracking Vendor Advisory |
https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.html | Patch Vendor Advisory |
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330 | Issue Tracking Third Party Advisory |
http://www.openwall.com/lists/oss-security/2012/08/31/6 | Mailing List Patch Third Party Advisory |
http://www.openwall.com/lists/oss-security/2012/08/31/10 | Mailing List Patch Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Information
Published : 2017-10-19 14:29
Updated : 2017-10-31 15:07
NVD link : CVE-2012-4382
Mitre link : CVE-2012-4382
JSON object : View
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
Products Affected
mediawiki
- mediawiki