CVE-2016-6332Sensitive Information Exposure in Mediawiki

CWE-200Sensitive Information Exposure9 documents6 sources
Severity
7.5HIGHNVD
EPSS
0.2%
top 55.29%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MediawikiDebian Mediawiki
Timeline
PublishedApr 20
Latest updateMay 17

Description

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $wgBlockDisablesLogin is true, might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

debiandebian/mediawiki< mediawiki 1:1.27.1-1 (bookworm)
Debianmediawiki/mediawiki< 1:1.27.1-1+3
NVDmediawiki/mediawiki1.23.14+6

Patches

Patch: lists.wikimedia.orgPatch: phabricator.wikimedia.orgPatch: lists.wikimedia.org

🔴Vulnerability Details

2
GHSA
GHSA-c8h3-jh33-q8gm: MediaWiki before 12022-05-17
OSV
CVE-2016-6332: MediaWiki before 12017-04-20

📋Vendor Advisories

1
Debian
CVE-2016-6332: mediawiki - MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1, when $...2016

🕵️Threat Intelligence

2
Unit42
The Old and New: Current Trends in Web-based Threats2018-06-20
Unit42
The Old and New: Current Trends in Web-based Threats2018-06-20

💬Community

3
Bugzilla
CVE-2016-6331 CVE-2016-6332 CVE-2016-6333 CVE-2016-6334 CVE-2016-6335 CVE-2016-6336 mediawiki: multiple flaws fixed in 1.27.1, 1.26.4 and 1.23.15 [epel-all]2016-08-24
Bugzilla
CVE-2016-6331 CVE-2016-6332 CVE-2016-6333 CVE-2016-6334 CVE-2016-6335 CVE-2016-6336 mediawiki: multiple flaws fixed in 1.27.1, 1.26.4 and 1.23.152016-08-24
Bugzilla
CVE-2016-6331 CVE-2016-6332 CVE-2016-6333 CVE-2016-6334 CVE-2016-6335 CVE-2016-6336 mediawiki: multiple flaws fixed in 1.27.1, 1.26.4 and 1.23.15 [fedora-all]2016-08-24
CVE-2016-6332 — Sensitive Information Exposure | cvebase