Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-35480

Опубликовано: 18 дек. 2020
Источник: nvd
CVSS3: 5.3
CVSS2: 5
EPSS Низкий

Описание

An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code paths.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*
Версия до 1.35.1 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Конфигурация 3
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

EPSS

Процентиль: 57%
0.00344
Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-203

Связанные уязвимости

ubuntu логотип

CVE-2020-35480

CVSS3: 5.3
ubuntu
около 5 лет назад

An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code paths.

redhat логотип

CVE-2020-35480

CVSS3: 5.3
redhat
около 5 лет назад

An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code paths.

debian логотип

CVE-2020-35480

CVSS3: 5.3
debian
около 5 лет назад

An issue was discovered in MediaWiki before 1.35.1. Missing users (acc ...

github логотип

GHSA-6wfj-pw33-8cr3

CVSS3: 5.3
github
больше 3 лет назад

An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code paths.

fstec логотип

BDU:2021-01731

CVSS3: 5.3
fstec
около 5 лет назад

Уязвимость программного средства для реализации гипертекстовой среды MediaWiki, связанная с раскрытием информации, позволяющая нарушителю получить доступ к конфиденциальным данным

EPSS

Процентиль: 57%
0.00344
Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-203