CVE-2021-44854Use of Cache Containing Sensitive Information in Mediawiki

CWE-524Use of Cache Containing Sensitive InformationCWE-200Sensitive Information ExposureCWE-668Resource Exposure5 documents5 sources
Severity
5.3MEDIUMNVD
EPSS
0.2%
top 59.52%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MediawikiDebian Mediawiki
Timeline
PublishedDec 26

Description

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages3 packages

debiandebian/mediawiki< mediawiki 1:1.35.5-1 (bookworm)
NVDmediawiki/mediawiki1.36.01.36.3+2
Debianmediawiki/mediawiki< 1:1.35.8-1~deb11u1+3

🔴Vulnerability Details

2
OSV
CVE-2021-44854: An issue was discovered in MediaWiki before 12022-12-26
GHSA
GHSA-w4mm-gfhc-2p52: An issue was discovered in MediaWiki before 12022-12-26

📋Vendor Advisories

2
Red Hat
mediawiki: Rest API incorrectly publicly caches results from private wikis2022-12-26
Debian
CVE-2021-44854: mediawiki - An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1....2021
CVE-2021-44854 — Mediawiki vulnerability | cvebase