Description

MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt.

Remediation

References

CVE-2012-4382

Related Vulnerabilities

Oracle Database Server CVE-2007-5514 Vulnerability (CVE-2007-5514)

WordPress Plugin Contact Form Submissions SQL Injection (1.6.4)

WebLogic CVE-2017-10178 Vulnerability (CVE-2017-10178)

SugarCRM Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2019-17304)

OpenSSL Observable Differences in Behavior to Error Inputs Vulnerability (CVE-2019-1559)

Severity

Medium

Classification

CVE-2012-4382 CWE-200 CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Tags

Missing Update Known Vulnerabilities