logo

Advisories

Weaknesses

Fixes

Requirements

Compliance

CVE-2019-12470 mediawiki/core

Package

Manager: composer
Name: mediawiki/core
Vulnerable Version: >=1.27.0 <1.27.6 || >=1.30.0 <1.30.2 || >=1.31.0 <1.31.2 || >=1.32.0 <1.32.2

Severity

Level: Medium

CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00238 pctl0.46786

Details

Wikimedia MediaWik exposed suppressed log in RevisionDelete page Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

Metadata

Created: 2022-05-24T16:49:58Z
Modified: 2024-05-15T22:45:05Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-733q-m38x-q7cc/GHSA-733q-m38x-q7cc.json
CWE IDs: ["CWE-284"]
Alternative ID: GHSA-733q-m38x-q7cc
Finding: F039
Auto approve: 1