Описание
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php.
| Релиз | Статус | Примечание |
|---|---|---|
| artful | ignored | end of life |
| bionic | not-affected | 1.27.1 |
| cosmic | not-affected | 1.27.1 |
| devel | not-affected | 1.27.1 |
| disco | not-affected | 1.27.1 |
| esm-apps/bionic | not-affected | 1.27.1 |
| esm-infra-legacy/trusty | DNE | trusty/esm was DNE [trusty was needed] |
| precise | ignored | end of life |
| precise/esm | DNE | precise was needed |
| trusty | ignored | end of standard support |
Показывать по
EPSS
5 Medium
CVSS2
7.5 High
CVSS3
Связанные уязвимости
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php.
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27 ...
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php.
EPSS
5 Medium
CVSS2
7.5 High
CVSS3