CVE-2019-18987

An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Once a specific abuse filter has (accidentally or otherwise) been made public, its previous versions can be exposed, thus potentially disclosing private or sensitive information within the filter's definition.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.3 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 61%
VendorProductVersion
mediawikiabusefilter
𝑥
≤ 1.34
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://gerrit.wikimedia.org/r/q/Ic12790bd33982473f77551bde9599ed083a3e1f1
https://phabricator.wikimedia.org/T237887
https://www.mediawiki.org/wiki/Extension:AbuseFilter
https://gerrit.wikimedia.org/r/q/Ic12790bd33982473f77551bde9599ed083a3e1f1
https://phabricator.wikimedia.org/T237887
https://www.mediawiki.org/wiki/Extension:AbuseFilter