CVE-2012-4382 — Sensitive Information Exposure in Mediawiki

CWE-200 — Sensitive Information Exposure4 documents4 sources

Severity

4.9MEDIUMNVD

EPSS

0.3%

top 47.71%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediawiki Debian Mediawiki

Timeline

PublishedOct 19

Latest updateMay 17

Description

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:NExploitability: 1.2 | Impact: 3.6

Affected Packages3 packages

▶debiandebian/mediawiki< mediawiki 1:1.19.2-1 (bookworm)

▶Debianmediawiki/mediawiki< 1:1.19.2-1+3

▶NVDmediawiki/mediawiki1.18.4+2

Patches

Patch: www.openwall.com ↗Patch: www.openwall.com ↗Patch: lists.wikimedia.org ↗

🔴Vulnerability Details

GHSA

GHSA-qxg6-q47j-rhmf: MediaWiki before 1↗2022-05-17

▶

OSV

CVE-2012-4382: MediaWiki before 1↗2017-10-19

▶

📋Vendor Advisories

Debian

CVE-2012-4382: mediawiki - MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user...↗2012

▶