CVE-2018-0504Log File Information Exposure in Mediawiki

CWE-532Log File Information ExposureCWE-200Sensitive Information Exposure9 documents6 sources
Severity
6.5MEDIUMNVD
EPSS
1.5%
top 18.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
MediawikiMediawiki CoreDebian Mediawiki+1 more
Timeline
PublishedOct 4
Latest updateMay 13

Description

Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages5 packages

Packagistmediawiki/core1.27.01.27.5+3
debiandebian/mediawiki< mediawiki 1:1.31.1-1 (bookworm)
NVDmediawiki/mediawiki1.31.01.31.1+3
Debianmediawiki/mediawiki< 1:1.31.1-1+3
CVEListV5mediawiki/mediawikibefore 1.31.1, 1.30.1, 1.29.3 and 1.27.5

Also affects: Debian Linux 9.0

Patches

Patch: lists.wikimedia.orgPatch: phabricator.wikimedia.orgPatch: lists.wikimedia.org

🔴Vulnerability Details

3
OSV
Mediawiki information disclosure vulnerability2022-05-13
GHSA
Mediawiki information disclosure vulnerability2022-05-13
OSV
CVE-2018-0504: Mediawiki 12018-10-04

📋Vendor Advisories

2
Red Hat
mediawiki: Information exposure when a log event is (partially) hidden2018-09-24
Debian
CVE-2018-0504: mediawiki - Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information ...2018

💬Community

3
Bugzilla
CVE-2018-0504 mediawiki: Information exposure when a log event is (partially) hidden [fedora-all]2018-09-28
Bugzilla
CVE-2018-0504 mediawiki: Information exposure when a log event is (partially) hidden2018-09-28
Bugzilla
CVE-2018-5950 mailman: Cross-site scripting (XSS) vulnerability in web UI2018-01-24
CVE-2018-0504 — Log File Information Exposure | cvebase