CVE-2019-16738 Information
Share on:
Feb 14, 2021
cve
Description
In MediaWiki through 1.33.0 Special:Redirect allows information disclosure of suppressed usernames via a User ID Lookup.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Reference
https://lists.fedoraproject.org/archives/list/[email protected]/message/7OMG3BMUHGWTAPYTK2NXM6CXF6FYLOUO/ https://lists.fedoraproject.org/archives/list/[email protected]/message/QBAOLXETM5BOYQG6OQVHGB2LNLZUXVN6/ https://phabricator.wikimedia.org/T230402 https://seclists.org/bugtraq/2019/Oct/32 https://www.debian.org/security/2019/dsa-4545
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
NONE
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
NONE
Base Score
NONE
Base Severity
5.3