Vulnerability Details : CVE-2019-18612
An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Previously hidden (restricted) AbuseFilter filters were viewable (or their differences were viewable) to unprivileged users, thus disclosing potentially sensitive information.
Vulnerability category: Information leak
Products affected by CVE-2019-18612
- cpe:2.3:a:mediawiki:abusefilter:*:*:*:*:*:mediawiki:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-18612
- 0.32%: probability of exploitation activity in the next 30 days
- ~ 52%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-18612
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | NIST | |
CWE ids for CVE-2019-18612
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-18612
- https://gerrit.wikimedia.org/r/q/Ie23e8234ae550273bf3f6f9c5ac45b7fc54eec2a
  Ie23e8234ae550273bf3f6f9c5ac45b7fc54eec2a | gerrit.wikimedia Code Review (Patch; Vendor Advisory)
- https://phabricator.wikimedia.org/T104807
  T104807 Older hidden versions of a currently-public AbuseFilter are exposed via diffs (CVE-2019-18612) (Patch; Vendor Advisory)