4.3

CVE-2021-36127

Exploit
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts (which are supposed to be completely hidden).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
MediawikiMediawiki Version <= 1.36
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.74% 0.498
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:P/I:N/A:N
CWE-922 Insecure Storage of Sensitive Information

The product stores sensitive information without properly limiting read or write access by unauthorized actors.

https://gerrit.wikimedia.org/r/q/I4e4dbcad61e1d4f6fd8b038bf63d19c69081a8ec
Patch
Vendor Advisory
https://phabricator.wikimedia.org/T285190
Patch
Vendor Advisory
Exploit
Issue Tracking