Description

An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. (TimelineService does not support properly suppressing.)

Remediation

References

CVE-2024-40596

Related Vulnerabilities

WordPress Plugin SecureMoz Security Audit PHP Object Injection (1.0.5)

WordPress Plugin Better User Shortcodes Multiple Cross-Site Scripting Vulnerabilities (1.0)

Joomla Generation of Error Message Containing Sensitive Information Vulnerability (CVE-2022-23794)

WordPress Plugin Homepage SlideShow 'upload.php' Arbitrary File Upload (2.0)

MySQL CVE-2019-2636 Vulnerability (CVE-2019-2636)

Severity

Medium

Classification

CVE-2024-40596 CWE-532 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities