Vulnerability-Lookup

Search criteria

Vendor

Product

Assigner

Sources

Sort by

Order

FKIE_CVE-2019-16529

Vulnerability from fkie_nvd - Published: 2020-03-19 23:15 - Updated: 2024-11-21 04:30

Severity ?

5.3 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Summary

An issue was discovered in the CheckUser extension through 1.35.0 for MediaWiki. Oversighted edit summaries are still visible in CheckUser results in violation of MediaWiki's permissions model.

References

URL	Tags
cve@mitre.org	https://phabricator.wikimedia.org/T207094	Permissions Required
cve@mitre.org	https://phabricator.wikimedia.org/rECHU22ddd638ba79903361df88c755232a532cbdbfb3	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T207094	Permissions Required
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/rECHU22ddd638ba79903361df88c755232a532cbdbfb3	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	checkuser	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:checkuser:*:*:*:*:*:mediawiki:*:*",
              "matchCriteriaId": "2AF1A25E-B80A-411E-8B90-775FB9D662AA",
              "versionEndIncluding": "1.35",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the CheckUser extension through 1.35.0 for MediaWiki. Oversighted edit summaries are still visible in CheckUser results in violation of MediaWiki\u0027s permissions model."
    },
    {
      "lang": "es",
      "value": "Se detect\u00f3 un problema en la extensi\u00f3n CheckUser versiones hasta 1.35.0, para MediaWiki. Los res\u00famenes de edici\u00f3n ignorados ??siguen siendo visibles en CheckUser, que resulta en una violaci\u00f3n del modelo de permisos de MediaWiki."
    }
  ],
  "id": "CVE-2019-16529",
  "lastModified": "2024-11-21T04:30:46.203",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 5.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 5.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2020-03-19T23:15:18.490",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://phabricator.wikimedia.org/T207094"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/rECHU22ddd638ba79903361df88c755232a532cbdbfb3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Permissions Required"
      ],
      "url": "https://phabricator.wikimedia.org/T207094"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/rECHU22ddd638ba79903361df88c755232a532cbdbfb3"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2019-18611

Vulnerability from fkie_nvd - Published: 2019-10-29 19:15 - Updated: 2024-11-21 04:33

Severity ?

6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been able to view these oversighted edit summaries via the MediaWiki API.

References

URL	Tags
cve@mitre.org	https://gerrit.wikimedia.org/r/q/Ie0aa0df2b3f03d8b910733f1b5e600a0dc978765	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T234862	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://gerrit.wikimedia.org/r/q/Ie0aa0df2b3f03d8b910733f1b5e600a0dc978765	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T234862	Patch, Vendor Advisory

Impacted products

	Vendor	Product	Version
	mediawiki	checkuser	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:checkuser:*:*:*:*:*:mediawiki:*:*",
              "matchCriteriaId": "4DDCE5BD-9F6E-4E74-888D-FEA4E5ABB507",
              "versionEndIncluding": "1.34",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been able to view these oversighted edit summaries via the MediaWiki API."
    },
    {
      "lang": "es",
      "value": "Se descubri\u00f3 un problema en la extensi\u00f3n CheckUser versiones hasta la versi\u00f3n  1.34 para MediaWiki. Cierta informaci\u00f3n confidencial dentro de los res\u00famenes de edici\u00f3n descuidados ??disponibles mediante la API de MediaWiki era potencialmente visible para los usuarios con varios niveles de acceso en esta extensi\u00f3n. Dichos usuarios no deber\u00edan haber sido capaces de visualizar estos res\u00famenes de edici\u00f3n descuidados por medio de la API MediaWiki."
    }
  ],
  "id": "CVE-2019-18611",
  "lastModified": "2024-11-21T04:33:21.747",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 6.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2019-10-29T19:15:19.843",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ie0aa0df2b3f03d8b910733f1b5e600a0dc978765"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T234862"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://gerrit.wikimedia.org/r/q/Ie0aa0df2b3f03d8b910733f1b5e600a0dc978765"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://phabricator.wikimedia.org/T234862"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-200"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

FKIE_CVE-2015-2940

Vulnerability from fkie_nvd - Published: 2015-04-13 14:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors.

References

URL	Tags
cve@mitre.org	http://www.mandriva.com/security/advisories?name=MDVSA-2015:200
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/04/01/1
cve@mitre.org	http://www.openwall.com/lists/oss-security/2015/04/07/3
cve@mitre.org	http://www.securityfocus.com/bid/73477
cve@mitre.org	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	Patch, Vendor Advisory
cve@mitre.org	https://phabricator.wikimedia.org/T85858
cve@mitre.org	https://security.gentoo.org/glsa/201510-05
af854a3a-2127-422b-91ae-364da2661108	http://www.mandriva.com/security/advisories?name=MDVSA-2015:200
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/04/01/1
af854a3a-2127-422b-91ae-364da2661108	http://www.openwall.com/lists/oss-security/2015/04/07/3
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/73477
af854a3a-2127-422b-91ae-364da2661108	https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://phabricator.wikimedia.org/T85858
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201510-05

Impacted products

	Vendor	Product	Version
	mediawiki	checkuser	-

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:mediawiki:checkuser:-:*:*:*:*:mediawiki:*:*",
              "matchCriteriaId": "AF8654AE-7741-4CD6-A1C1-1C70CF29DEED",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de CSRF en la extensi\u00f3n CheckUser para MediaWiki permite a atacantes remotos secuestrar la autenticaci\u00f3n de ciertos usuarios para peticiones que solicitan informaci\u00f3n sensible de usuario a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2015-2940",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.8,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ]
  },
  "published": "2015-04-13T14:59:13.520",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/73477"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://phabricator.wikimedia.org/T85858"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201510-05"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/73477"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://phabricator.wikimedia.org/T85858"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201510-05"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-352"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2019-16529 (GCVE-0-2019-16529)

Vulnerability from cvelistv5 – Published: 2020-03-19 22:51 – Updated: 2024-08-05 01:17

Summary

An issue was discovered in the CheckUser extension through 1.35.0 for MediaWiki. Oversighted edit summaries are still visible in CheckUser results in violation of MediaWiki's permissions model.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://phabricator.wikimedia.org/T207094	x_refsource_MISC
	https://phabricator.wikimedia.org/rECHU22ddd638ba…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:17:39.610Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T207094"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/rECHU22ddd638ba79903361df88c755232a532cbdbfb3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the CheckUser extension through 1.35.0 for MediaWiki. Oversighted edit summaries are still visible in CheckUser results in violation of MediaWiki\u0027s permissions model."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-19T22:51:21",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T207094"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/rECHU22ddd638ba79903361df88c755232a532cbdbfb3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-16529",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the CheckUser extension through 1.35.0 for MediaWiki. Oversighted edit summaries are still visible in CheckUser results in violation of MediaWiki\u0027s permissions model."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T207094",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T207094"
            },
            {
              "name": "https://phabricator.wikimedia.org/rECHU22ddd638ba79903361df88c755232a532cbdbfb3",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/rECHU22ddd638ba79903361df88c755232a532cbdbfb3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-16529",
    "datePublished": "2020-03-19T22:51:21",
    "dateReserved": "2019-09-19T00:00:00",
    "dateUpdated": "2024-08-05T01:17:39.610Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-18611 (GCVE-0-2019-18611)

Vulnerability from cvelistv5 – Published: 2019-10-29 15:41 – Updated: 2024-08-05 01:54

Summary

An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been able to view these oversighted edit summaries via the MediaWiki API.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://phabricator.wikimedia.org/T234862	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/Ie0aa0df2b3f03d8…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:54:14.553Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T234862"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/Ie0aa0df2b3f03d8b910733f1b5e600a0dc978765"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been able to view these oversighted edit summaries via the MediaWiki API."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-29T15:41:24",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T234862"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/Ie0aa0df2b3f03d8b910733f1b5e600a0dc978765"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-18611",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been able to view these oversighted edit summaries via the MediaWiki API."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T234862",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T234862"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/Ie0aa0df2b3f03d8b910733f1b5e600a0dc978765",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/Ie0aa0df2b3f03d8b910733f1b5e600a0dc978765"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-18611",
    "datePublished": "2019-10-29T15:41:24",
    "dateReserved": "2019-10-29T00:00:00",
    "dateUpdated": "2024-08-05T01:54:14.553Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2940 (GCVE-0-2015-2940)

Vulnerability from cvelistv5 – Published: 2015-04-13 14:00 – Updated: 2024-08-06 05:32

Summary

Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://security.gentoo.org/glsa/201510-05	vendor-advisoryx_refsource_GENTOO
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.securityfocus.com/bid/73477	vdb-entryx_refsource_BID
	http://www.openwall.com/lists/oss-security/2015/04/07/3	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/04/01/1	mailing-listx_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-a…	mailing-listx_refsource_MLIST
	https://phabricator.wikimedia.org/T85858	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:32:20.467Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201510-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201510-05"
          },
          {
            "name": "MDVSA-2015:200",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
          },
          {
            "name": "73477",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73477"
          },
          {
            "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
          },
          {
            "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
          },
          {
            "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T85858"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T21:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201510-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201510-05"
        },
        {
          "name": "MDVSA-2015:200",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
        },
        {
          "name": "73477",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73477"
        },
        {
          "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
        },
        {
          "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
        },
        {
          "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T85858"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2940",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201510-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201510-05"
            },
            {
              "name": "MDVSA-2015:200",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
            },
            {
              "name": "73477",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/73477"
            },
            {
              "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
            },
            {
              "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
            },
            {
              "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
            },
            {
              "name": "https://phabricator.wikimedia.org/T85858",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T85858"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2940",
    "datePublished": "2015-04-13T14:00:00",
    "dateReserved": "2015-04-07T00:00:00",
    "dateUpdated": "2024-08-06T05:32:20.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-16529 (GCVE-0-2019-16529)

Vulnerability from nvd – Published: 2020-03-19 22:51 – Updated: 2024-08-05 01:17

Summary

An issue was discovered in the CheckUser extension through 1.35.0 for MediaWiki. Oversighted edit summaries are still visible in CheckUser results in violation of MediaWiki's permissions model.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://phabricator.wikimedia.org/T207094	x_refsource_MISC
	https://phabricator.wikimedia.org/rECHU22ddd638ba…	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:17:39.610Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T207094"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/rECHU22ddd638ba79903361df88c755232a532cbdbfb3"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the CheckUser extension through 1.35.0 for MediaWiki. Oversighted edit summaries are still visible in CheckUser results in violation of MediaWiki\u0027s permissions model."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2020-03-19T22:51:21",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T207094"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/rECHU22ddd638ba79903361df88c755232a532cbdbfb3"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-16529",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the CheckUser extension through 1.35.0 for MediaWiki. Oversighted edit summaries are still visible in CheckUser results in violation of MediaWiki\u0027s permissions model."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T207094",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T207094"
            },
            {
              "name": "https://phabricator.wikimedia.org/rECHU22ddd638ba79903361df88c755232a532cbdbfb3",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/rECHU22ddd638ba79903361df88c755232a532cbdbfb3"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-16529",
    "datePublished": "2020-03-19T22:51:21",
    "dateReserved": "2019-09-19T00:00:00",
    "dateUpdated": "2024-08-05T01:17:39.610Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2019-18611 (GCVE-0-2019-18611)

Vulnerability from nvd – Published: 2019-10-29 15:41 – Updated: 2024-08-05 01:54

Summary

An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been able to view these oversighted edit summaries via the MediaWiki API.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://phabricator.wikimedia.org/T234862	x_refsource_MISC
	https://gerrit.wikimedia.org/r/q/Ie0aa0df2b3f03d8…	x_refsource_MISC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-05T01:54:14.553Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T234862"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://gerrit.wikimedia.org/r/q/Ie0aa0df2b3f03d8b910733f1b5e600a0dc978765"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been able to view these oversighted edit summaries via the MediaWiki API."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2019-10-29T15:41:24",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://phabricator.wikimedia.org/T234862"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://gerrit.wikimedia.org/r/q/Ie0aa0df2b3f03d8b910733f1b5e600a0dc978765"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2019-18611",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been able to view these oversighted edit summaries via the MediaWiki API."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://phabricator.wikimedia.org/T234862",
              "refsource": "MISC",
              "url": "https://phabricator.wikimedia.org/T234862"
            },
            {
              "name": "https://gerrit.wikimedia.org/r/q/Ie0aa0df2b3f03d8b910733f1b5e600a0dc978765",
              "refsource": "MISC",
              "url": "https://gerrit.wikimedia.org/r/q/Ie0aa0df2b3f03d8b910733f1b5e600a0dc978765"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2019-18611",
    "datePublished": "2019-10-29T15:41:24",
    "dateReserved": "2019-10-29T00:00:00",
    "dateUpdated": "2024-08-05T01:54:14.553Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2015-2940 (GCVE-0-2015-2940)

Vulnerability from nvd – Published: 2015-04-13 14:00 – Updated: 2024-08-06 05:32

Summary

Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors.

Severity ?

No CVSS data available.

CWE

n/a

Assigner

mitre

References

URL

Tags

	https://security.gentoo.org/glsa/201510-05	vendor-advisoryx_refsource_GENTOO
	http://www.mandriva.com/security/advisories?name=…	vendor-advisoryx_refsource_MANDRIVA
	http://www.securityfocus.com/bid/73477	vdb-entryx_refsource_BID
	http://www.openwall.com/lists/oss-security/2015/04/07/3	mailing-listx_refsource_MLIST
	http://www.openwall.com/lists/oss-security/2015/04/01/1	mailing-listx_refsource_MLIST
	https://lists.wikimedia.org/pipermail/mediawiki-a…	mailing-listx_refsource_MLIST
	https://phabricator.wikimedia.org/T85858	x_refsource_CONFIRM

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:32:20.467Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "GLSA-201510-05",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201510-05"
          },
          {
            "name": "MDVSA-2015:200",
            "tags": [
              "vendor-advisory",
              "x_refsource_MANDRIVA",
              "x_transferred"
            ],
            "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
          },
          {
            "name": "73477",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/73477"
          },
          {
            "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
          },
          {
            "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
          },
          {
            "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://phabricator.wikimedia.org/T85858"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-03-31T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2016-12-05T21:57:02",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "GLSA-201510-05",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201510-05"
        },
        {
          "name": "MDVSA-2015:200",
          "tags": [
            "vendor-advisory",
            "x_refsource_MANDRIVA"
          ],
          "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
        },
        {
          "name": "73477",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/73477"
        },
        {
          "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
        },
        {
          "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
        },
        {
          "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://phabricator.wikimedia.org/T85858"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-2940",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "GLSA-201510-05",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201510-05"
            },
            {
              "name": "MDVSA-2015:200",
              "refsource": "MANDRIVA",
              "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2015:200"
            },
            {
              "name": "73477",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/73477"
            },
            {
              "name": "[oss-security] 20150407 Re: CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/07/3"
            },
            {
              "name": "[oss-security] 20150331 CVE request: MediaWiki 1.24.2/1.23.9/1.19.24",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2015/04/01/1"
            },
            {
              "name": "[MediaWiki-announce] 20150331 MediaWiki Security and Maintenance Releases: 1.19.24, 1.23.9, and 1.24.2",
              "refsource": "MLIST",
              "url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-March/000175.html"
            },
            {
              "name": "https://phabricator.wikimedia.org/T85858",
              "refsource": "CONFIRM",
              "url": "https://phabricator.wikimedia.org/T85858"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-2940",
    "datePublished": "2015-04-13T14:00:00",
    "dateReserved": "2015-04-07T00:00:00",
    "dateUpdated": "2024-08-06T05:32:20.467Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Search criteria

9 vulnerabilities found for checkuser by mediawiki

FKIE_CVE-2019-16529

FKIE_CVE-2019-18611

FKIE_CVE-2015-2940

CVE-2019-16529 (GCVE-0-2019-16529)

CVE-2019-18611 (GCVE-0-2019-18611)

CVE-2015-2940 (GCVE-0-2015-2940)

CVE-2019-16529 (GCVE-0-2019-16529)

CVE-2019-18611 (GCVE-0-2019-18611)

CVE-2015-2940 (GCVE-0-2015-2940)