Main Vulnerability Database Vulnerabilities #VU41693

Information disclosure in MediaWiki - CVE-2013-6472

Published: May 12, 2014 / Updated: August 10, 2020

Vulnerability identifier: #VU41693

CSH Severity: Medium

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2013-6472

CWE-ID: CWE-200

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: MediaWiki.org

Affected software:
MediaWiki

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists.

How to mitigate CVE-2013-6472

Install update from vendor's website.

Sources

http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000138.html

Information disclosure in MediaWiki - CVE-2013-6472

Detailed vulnerability description

How to mitigate CVE-2013-6472

Sources

Please verify you're human