Vulnerability Details : CVE-2019-18987
An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Once a specific abuse filter has (accidentally or otherwise) been made public, its previous versions can be exposed, thus potentially disclosing private or sensitive information within the filter's definition.
Vulnerability category: Information leak
Products affected by CVE-2019-18987
- cpe:2.3:a:mediawiki:abusefilter:*:*:*:*:*:mediawiki:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-18987
- 0.14%: Probability of exploitation activity in the next 30 days
- ~ 50 %: Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-18987
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N | 10.0 | 2.9 | NIST | |
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N | 3.9 | 1.4 | NIST | |
CWE ids for CVE-2019-18987
- The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information. Assigned by: nvd@nist.gov (Primary)
References for CVE-2019-18987
- https://phabricator.wikimedia.org/T237887
  T237887 Old public versions of private filters are publicly viewable (CVE-2019-18987). Issue Tracking; Patch; Third Party Advisory
- https://www.mediawiki.org/wiki/Extension:AbuseFilter
  Extension:AbuseFilter - MediaWiki. Product; Vendor Advisory
- https://gerrit.wikimedia.org/r/q/Ic12790bd33982473f77551bde9599ed083a3e1f1
  Ic12790bd33982473f77551bde9599ed083a3e1f1 | gerrit.wikimedia Code Review. Patch; Third Party Advisory