7.5
CVE-2020-12051
- EPSS 1.32%
- Veröffentlicht 21.04.2020 22:15:14
- Zuletzt bearbeitet 21.11.2024 04:59:11
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
The CentralAuth extension through REL1_34 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request. In other words, the information can be retrieved via the action API even though access would be denied when simply visiting wiki/Special:CentralAuth in a web browser.
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 1.32% | 0.67 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
https://gerrit.wikimedia.org/r/#/q/I3c80641dc1202df7428714f0ca44717a51ff6021
https://phabricator.wikimedia.org/T250594