Описание
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php.
Ссылки
- Issue Tracking
- Mailing ListPatchVendor Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Issue Tracking
- Mailing ListPatchVendor Advisory
- Third Party Advisory
- PatchThird Party Advisory
Уязвимые конфигурации
Одно из
EPSS
7.5 High
CVSS3
5 Medium
CVSS2
Дефекты
Связанные уязвимости
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php.
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27 ...
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php.
EPSS
7.5 High
CVSS3
5 Medium
CVSS2