Vulnerability CVE-2013-4569 - CERT Civis.Net

Vulnerability Name:

CVE-2013-4569 (CCN-90141)

Assigned:

2013-11-14

Published:

2013-11-14

Updated:

2013-12-16

Summary:

The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when "Group changes by page in recent changes and watchlist" is enabled, allows remote attackers to obtain sensitive information (revision-deleted IPs) via the Recent Changes page.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

4.3 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2013-4569

Source: FEDORA
Type: UNKNOWN
FEDORA-2013-21874

Source: FEDORA
Type: UNKNOWN
FEDORA-2013-21856

Source: CCN
Type: MediaWiki Mailing List, Thu Nov 14 21:59:24 UTC 2013
MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9

Source: MLIST
Type: UNKNOWN
[MediaWiki-announce] 20131114 MediaWiki Security Release: 1.21.3, 1.20.8 and 1.19.9

Source: CCN
Type: MediaWiki Web site
MediaWiki

Source: CONFIRM
Type: UNKNOWN
https://bugzilla.wikimedia.org/show_bug.cgi?id=54294

Source: XF
Type: UNKNOWN
cleanchanges-cve20134569-info-disclosure(90141)

Vulnerable Configuration:

Configuration 1:

cpe:/a:mediawiki:mediawiki:1.20:*:*:*:*:*:*:*

OR cpe:/a:mediawiki:mediawiki:1.20.1:*:*:*:*:*:*:*

OR cpe:/a:mediawiki:mediawiki:1.20.2:*:*:*:*:*:*:*

OR cpe:/a:mediawiki:mediawiki:1.20.3:*:*:*:*:*:*:*

OR cpe:/a:mediawiki:mediawiki:1.20.4:*:*:*:*:*:*:*

OR cpe:/a:mediawiki:mediawiki:1.20.5:*:*:*:*:*:*:*

OR cpe:/a:mediawiki:mediawiki:1.20.6:*:*:*:*:*:*:*

OR cpe:/a:mediawiki:mediawiki:1.20.7:*:*:*:*:*:*:*

Configuration 2:

cpe:/a:mediawiki:mediawiki:1.19:*:*:*:*:*:*:*

OR cpe:/a:mediawiki:mediawiki:1.19:beta_1:*:*:*:*:*:*

OR cpe:/a:mediawiki:mediawiki:1.19:beta_2:*:*:*:*:*:*

OR cpe:/a:mediawiki:mediawiki:1.19.0:*:*:*:*:*:*:*

OR cpe:/a:mediawiki:mediawiki:1.19.1:*:*:*:*:*:*:*

OR cpe:/a:mediawiki:mediawiki:1.19.2:*:*:*:*:*:*:*

OR cpe:/a:mediawiki:mediawiki:1.19.3:*:*:*:*:*:*:*

OR cpe:/a:mediawiki:mediawiki:1.19.4:*:*:*:*:*:*:*

OR cpe:/a:mediawiki:mediawiki:1.19.5:*:*:*:*:*:*:*

OR cpe:/a:mediawiki:mediawiki:1.19.6:*:*:*:*:*:*:*

OR cpe:/a:mediawiki:mediawiki:1.19.7:*:*:*:*:*:*:*

OR cpe:/a:mediawiki:mediawiki:*:*:*:*:*:*:*:* (Version <= 1.19.8)

Configuration 3:

cpe:/a:mediawiki:mediawiki:1.21:*:*:*:*:*:*:*

OR cpe:/a:mediawiki:mediawiki:1.21.1:*:*:*:*:*:*:*

OR cpe:/a:mediawiki:mediawiki:1.21.2:*:*:*:*:*:*:*

Denotes that component is vulnerable