Ubuntu.comUB:CVE-2020-35480CVE-2020-35480
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
59.9%
An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts
that don’t exist) and hidden users (accounts that have been explicitly
hidden due to being abusive, or similar) that the viewer cannot see are
handled differently, exposing sensitive information about the hidden status
to unprivileged viewers. This exists on various code paths.
References
launchpad.net/bugs/cve/CVE-2020-35480
lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html
lists.wikimedia.org/pipermail/wikitech-l/2020-December/094126.html
nvd.nist.gov/vuln/detail/CVE-2020-35480
phabricator.wikimedia.org/T120883
security-tracker.debian.org/tracker/CVE-2020-35480
www.cve.org/CVERecord?id=CVE-2020-35480
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
59.9%