Lucene search

OpenJS FoundationFRIENDSOFPHP:EDIAWIKI:CORE:CVE-2018-0504

HistoryJul 07, 2018 - 11:34 a.m.

When a log event is (partially) hidden Special:Redirect/logid can link to the incorrect log and reveal hidden information

2018-07-0711:34:58

OpenJS Foundation

github.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

65.9%

JSON

More info at https://phabricator.wikimedia.org/T187638

Affected configurations

Vulners

Node

mediawikicoreRange<1.31.1

VendorProductVersionCPE
mediawikicore*cpe:2.3:a:mediawiki:core:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
mediawiki	core	*	cpe:2.3:a:mediawiki:core::::::::

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

65.9%

JSON

Related for FRIENDSOFPHP:EDIAWIKI:CORE:CVE-2018-0504