CVE-2013-6455Sensitive Information Exposure in Mediawiki

CWE-200Sensitive Information Exposure2 documents2 sources
Severity
5.3MEDIUMNVD
EPSS
0.4%
top 39.95%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MediawikiWikimedia Foundation Mediawiki
Timeline
PublishedJan 28
Latest updateMay 5

Description

The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDmediawiki/mediawiki1.20.01.21.4+2
CVEListV5wikimedia_foundation/mediawiki1.22.x before 1.22.1, 1.2x before 1.21.4, before 1.19.10+2

🔴Vulnerability Details

1
GHSA
GHSA-gpmw-4rrf-5q49: The CentralAuth extension for MediaWiki before 12022-05-05
CVE-2013-6455 — Sensitive Information Exposure | cvebase