GHSA-733q-m38x-q7cc

Source

https://github.com/advisories/GHSA-733q-m38x-q7cc

Import Source

https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-733q-m38x-q7cc/GHSA-733q-m38x-q7cc.json

JSON Data

https://api.osv.dev/v1/vulns/GHSA-733q-m38x-q7cc

Aliases

CVE-2019-12470

Published

2022-05-24T16:49:58Z

Modified

2024-05-15T23:12:56.492405Z

Severity

6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Wikimedia MediaWik exposed suppressed log in RevisionDelete page

Details

Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

References

Affected packages

Packagist / mediawiki/core

Package

Name: mediawiki/core
Purl: pkg:composer/mediawiki/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.27.0

Fixed

1.27.6

Affected versions

1.*

1.27.0

1.27.1

1.27.2

1.27.3

1.27.4

1.27.5

Packagist / mediawiki/core

Package

Name: mediawiki/core
Purl: pkg:composer/mediawiki/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.30.0

Fixed

1.30.2

Affected versions

1.*

1.30.0

1.30.1

Packagist / mediawiki/core

Package

Name: mediawiki/core
Purl: pkg:composer/mediawiki/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.31.0

Fixed

1.31.2

Affected versions

1.*

1.31.0

1.31.1

Packagist / mediawiki/core

Package

Name: mediawiki/core
Purl: pkg:composer/mediawiki/core

Affected ranges

Type: ECOSYSTEM
Events: Introduced

1.32.0

Fixed

1.32.2

Affected versions

1.*

1.32.0

1.32.1