Vulnerability CVE-2019-12474


Published: 2019-07-10

Description:
Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

Type:

CWE-200

(Information Exposure)

Vendor: Debian
Product: Debian linux 
Version: 9.0;
Vendor: Mediawiki
Product: Mediawiki 
Version:
1.32.1
1.32.0
1.31.1
1.31.0
1.30.1
1.30.0
1.27.5
1.27.4
1.27.3
1.27.2
1.27.1
1.27.0
1.26.4
1.26.3
1.26.2
1.26.1
1.26.0
1.25.6
1.25.5
1.25.4
1.25.3
1.25.2
1.25.1
1.25.0
1.24.6
1.24.5
1.24.4
1.24.3
1.24.2
1.24.1
1.24.0
1.23.9
1.23.8
1.23.7
1.23.6
1.23.5
1.23.4
1.23.3
1.23.2
1.23.17
1.23.16
1.23.15
1.23.14
1.23.13
1.23.12
1.23.11
1.23.10
1.23.1
1.23.0

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:N/A:N)

CVSS Base Score
Impact Subscore
Exploitability Subscore
5/10
2.9/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
None
None

 References:
https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html
https://phabricator.wikimedia.org/T212118
https://seclists.org/bugtraq/2019/Jun/12
https://www.debian.org/security/2019/dsa-4460

Related CVE
CVE-2019-14807
In the MobileFrontend extension 1.31 through 1.33 for MediaWiki, XSS exists within the edit summary field in includes/specials/MobileSpecialPageFeed.php.
CVE-2019-12473
Wikimedia MediaWiki 1.27.0 through 1.32.1 might allow DoS. Passing invalid titles to the API could cause a DoS by querying the entire watchlist table. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
CVE-2019-12472
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.18.0 through 1.32.1. It is possible to bypass the limits on IP range blocks ($wgBlockCIDRLimit) by using the API. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
CVE-2019-12471
Wikimedia MediaWiki 1.30.0 through 1.32.1 has XSS. Loading user JavaScript from a non-existent account allows anyone to create the account, and perform XSS on users loading that script. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
CVE-2019-12470
Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
CVE-2019-12469
MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed username or log in Special:EditTags are exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
CVE-2019-12466
Wikimedia MediaWiki through 1.32.1 allows CSRF.
CVE-2019-12468
An Incorrect Access Control vulnerability was found in Wikimedia MediaWiki 1.27.0 through 1.32.1. Directly POSTing to Special:ChangeEmail would allow for bypassing re-authentication, allowing for potential account takeover.

Copyright 2019, cxsecurity.com

 

Back to Top