CVE-2019-18611 — Sensitive Information Exposure in Checkuser

CWE-200 — Sensitive Information Exposure2 documents2 sources

Severity

6.5MEDIUMNVD

EPSS

0.3%

top 43.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Mediawiki Checkuser

Timeline

PublishedOct 29

Latest updateMay 24

Description

An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been able to view these oversighted edit summaries via the MediaWiki API.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages1 packages

▶NVDmediawiki/checkuser1.34

Patches

Patch: gerrit.wikimedia.org ↗Patch: phabricator.wikimedia.org ↗Patch: gerrit.wikimedia.org ↗

🔴Vulnerability Details

GHSA

GHSA-w3xh-g4rp-pcfc: An issue was discovered in the CheckUser extension through 1↗2022-05-24

▶