Описание
Wikimedia information leak vulnerability
Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2019-12474
- https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2019-12474.yaml
- https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
- https://phabricator.wikimedia.org/T212118
- https://seclists.org/bugtraq/2019/Jun/12
- https://www.debian.org/security/2019/dsa-4460
Пакеты
mediawiki/core
>= 1.27.0, < 1.27.6
1.27.6
mediawiki/core
>= 1.30.0, < 1.30.2
1.30.2
mediawiki/core
>= 1.31.0, < 1.31.2
1.31.2
mediawiki/core
>= 1.32.0, < 1.32.2
1.32.2
Связанные уязвимости
Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Pri ...
Уязвимость программного средства для реализации гипертекстовой среды MediaWiki, связанная с передачей недопустимых заголовков в API, позволяющая нарушителю несанкционированный доступ к защищаемой информации