| Vulnerability Name: | CVE-2013-6472 (CCN-90606) | ||||||||||||||||||||||||
| Assigned: | 2013-11-04 | ||||||||||||||||||||||||
| Published: | 2014-01-14 | ||||||||||||||||||||||||
| Updated: | 2014-05-13 | ||||||||||||||||||||||||
| Summary: | MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists. | ||||||||||||||||||||||||
| CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||||||||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N) 3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||
| Vulnerability Type: | CWE-200 | ||||||||||||||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2013-6472 Source: CCN Type: MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10 [MediaWiki-announce] MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10 Source: MLIST Type: Patch, Vendor Advisory [MediaWiki-announce] 20140114 MediaWiki Security Releases: 1.22.1, 1.21.4 and 1.19.10 Source: CCN Type: SA56413 MediaWiki Security Issues and Multiple Vulnerabilities Source: CCN Type: MediaWiki Web site MediaWiki Source: CCN Type: BID-65883 MediaWiki CVE-2014-2243 Information Disclosure Vulnerability Source: XF Type: UNKNOWN mediawiki-cve20136472-info-disclosure(90606) Source: CCN Type: WhiteSource Vulnerability Database CVE-2013-6472 | ||||||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||||||
| |||||||||||||||||||||||||
| BACK | |||||||||||||||||||||||||