CVE-2015-8628: Sensitive Information Exposure in Mediawiki

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.4% (top 37.12%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline
Published: Mar 23
Latest update: May 17

Description

The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploitability: 1.6 | Impact: 3.6

Affected Packages (3 packages)

debian: debian/mediawiki < mediawiki 1:1.25.5-1 (bookworm)
Debian: mediawiki/mediawiki < 1:1.25.5-1 +3
NVD: mediawiki/mediawiki 1.23.11 +10

🔴 Vulnerability Details (2)

GHSA, 2022-05-17
GHSA-p4wx-g6w3-77pq: The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before
OSV, 2017-03-23
CVE-2015-8628: The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before

💥 Exploits & PoCs (1)

Exploit-DB, 2015-03-26
RM Downloader 2.7.5.400 - Local Buffer Overflow

📋 Vendor Advisories (1)

Debian, 2015
CVE-2015-8628: mediawiki - The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Spe...

💬 Community (1)

Bugzilla, 2015-12-23
CVE-2015-8622 CVE-2015-8623 CVE-2015-8624 CVE-2015-8625 CVE-2015-8626 CVE-2015-8627 CVE-2015-8628 mediawiki: multiple flaws fixed in 1.26.1, 1.25.4, 1.24.5, and 1.23.12