CVE-2021-30156Sensitive Information Exposure in Mediawiki

CWE-200Sensitive Information ExposureCWE-732Incorrect Permission Assignment5 documents5 sources
Severity
4.3MEDIUMNVD
EPSS
0.2%
top 59.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
MediawikiFedoraproject FedoraDebian Mediawiki
Timeline
PublishedApr 9
Latest updateMay 24

Description

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a "hidden" user exists.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

NVDmediawiki/mediawiki1.32.01.35.2+1

Also affects: Fedora 33, 34

Patches

Patch: phabricator.wikimedia.orgPatch: phabricator.wikimedia.org

🔴Vulnerability Details

2
GHSA
GHSA-4w3g-mpj2-j247: An issue was discovered in MediaWiki before 12022-05-24
OSV
CVE-2021-30156: An issue was discovered in MediaWiki before 12021-04-09

📋Vendor Advisories

2
Red Hat
mediawiki: Special: Contributions toolbar reveals existence of hidden users2021-04-06
Debian
CVE-2021-30156: mediawiki - An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x be...2021
CVE-2021-30156 — Sensitive Information Exposure | cvebase