Vulnerability Report

CVE-2019-16529

Title: Mediawiki Checkuser

Other

Proof Of Concept

No public PoC currently indexed for CVE-2019-16529.

CWE Category NVD-CWE-noinfo

Published Date Mar 19, 2020

Modified Date Nov 21, 2024

Exploit Status Not Found

Score 5.3 CVSS v3.1

Exploit Probability (EPSS)

0.18%

Vulnerability Summary

CVE-2019-16529: An issue was discovered in the CheckUser extension through 1.35.0 for MediaWiki. Oversighted edit summaries are still visible in CheckUser results in violation of MediaWiki's permissions model.

Impacted Vendors

mediawiki 1

Reference Links

https://phabricator.wikimedia.org/T207094 https://phabricator.wikimedia.org/rECHU22ddd638ba79903361df88c755232a532cbdbfb3 https://phabricator.wikimedia.org/T207094 https://phabricator.wikimedia.org/rECHU22ddd638ba79903361df88c755232a532cbdbfb3

CVSS v3.1

Source Entity [email protected]

Severity MEDIUM

5.3

Attack Vector

NETWORK

Complexity

LOW

Privileges

N/A

Interaction

NONE

Confidentiality

N/A

Integrity

N/A

Availability

N/A

Scope

UNCHANGED

RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2.0

Source Entity [email protected]

Severity MEDIUM

5.0

Access Vector

N/A

Authentication

N/A

RAW VECTOR AV:N/AC:L/Au:N/C:P/I:N/A:N

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2019-16529 Exploits & PoCs (Proof Of Concept)

No public PoCs found in our database for this CVE.

November 21, 2024 MODIFIED

Vulnerability data or affected products updated.

March 19, 2020 PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector NETWORK

Complexity LOW

Privileges N/A

Interaction NONE

CVSS Vector String


                                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Affected Stack

No specific products linked.