CVE-2019-12474
Debian Security Advisory 4460-1
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.
MediaWiki versiones 1.23.0 hasta 1.32.1 de Wikimedia, presenta una filtración de información. Las respuestas de la API privilegiadas que incluyen si un cambio reciente que ha sido vigilado pueden ser almacenadas públicamente. Se corrigió en las versiones 1.32.2, 1.31.2, 1.30.2 y 1.27.6.
Multiple security vulnerabilities have been discovered in MediaWiki, a website engine for collaborative work, which may result in authentication bypass, denial of service, cross-site scripting, information disclosure and bypass of anti-spam measures.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2019-05-30 CVE Reserved
- 2019-06-12 CVE Published
- 2024-08-04 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
CAPEC
References (4)
| URL | Tag | Source |
|---|---|---|
| https://seclists.org/bugtraq/2019/Jun/12 | Mailing List |
|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html | 2020-08-24 | |
| https://phabricator.wikimedia.org/T212118 | 2020-08-24 |
| URL | Date | SRC |
|---|---|---|
| https://www.debian.org/security/2019/dsa-4460 | 2020-08-24 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | >= 1.23.0 < 1.27.6 Search vendor "Mediawiki" for product "Mediawiki" and version " >= 1.23.0 < 1.27.6" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | >= 1.30.0 < 1.30.2 Search vendor "Mediawiki" for product "Mediawiki" and version " >= 1.30.0 < 1.30.2" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | >= 1.31.0 < 1.31.2 Search vendor "Mediawiki" for product "Mediawiki" and version " >= 1.31.0 < 1.31.2" | - |
Affected
| ||||||
| Mediawiki Search vendor "Mediawiki" | Mediawiki Search vendor "Mediawiki" for product "Mediawiki" | >= 1.32.0 < 1.32.2 Search vendor "Mediawiki" for product "Mediawiki" and version " >= 1.32.0 < 1.32.2" | - |
Affected
| ||||||
| Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||