Information Exposure

Affecting mediawiki/core package, versions >=0.0.0

Overview

mediawiki/core is a free software wiki application developed by the Wikimedia Foundation and others.

Note: This package is not maintained on Packagist anymore, but newer releases exist.

Affected versions of this package are vulnerable to Information Exposure. Missing users and hidden users that the viewer cannot see are handled differently, which exposes sensitive information about the hidden status to unprivileged viewers. This discrepancy exists on various code paths.
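
The discrepancy described above, shown as an added example that is not MediaWiki's code: a lookup that answers differently for hidden and missing users, a uniform version, and a regression check comparing the two responses. The user table, function names and response shape are hypothetical.

```php
<?php
// Constructed user table for illustration; not MediaWiki's schema or code.
const USERS = [
    'Alice'   => ['hidden' => false],
    'Mallory' => ['hidden' => true],   // hidden from unprivileged viewers
];

// Discrepant handling: a hidden user and a missing user get different
// answers, so the response itself reveals that the account is hidden.
function lookupDiscrepant(string $name, bool $canSeeHidden): array {
    if (!isset(USERS[$name])) {
        return ['status' => 404, 'body' => "User \"$name\" does not exist."];
    }
    if (USERS[$name]['hidden'] && !$canSeeHidden) {
        return ['status' => 403, 'body' => 'You may not view this user.'];
    }
    return ['status' => 200, 'body' => "User page for $name"];
}

// Uniform handling: visibility is resolved first, and both "missing" and
// "hidden from this viewer" leave through one shared branch. Reusing this
// function on every code path keeps the responses from drifting apart.
function lookupUniform(string $name, bool $canSeeHidden): array {
    $user = USERS[$name] ?? null;
    if ($user === null || ($user['hidden'] && !$canSeeHidden)) {
        return ['status' => 404, 'body' => 'No such user.'];
    }
    return ['status' => 200, 'body' => "User page for $name"];
}

// Regression check: for an unprivileged viewer, the response for a hidden
// user must be identical to the response for a name that was never registered.
function leaksHiddenStatus(callable $lookup): bool {
    return $lookup('Mallory', false) !== $lookup('NoSuchUser', false);
}

var_dump(leaksHiddenStatus('lookupDiscrepant'));
var_dump(leaksHiddenStatus('lookupUniform'));
```

A check of this kind is only meaningful if it is repeated for each code path that resolves a user name, since the advisory notes the issue exists on various code paths.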

Remediation

There is no fixed version for mediawiki/core.

CVSS Score

3.7 (low severity)
  • Attack Vector: Network
  • Attack Complexity: High
  • Privileges Required: None
  • User Interaction: None
  • Scope: Unchanged
  • Confidentiality: Low
  • Integrity: None
  • Availability: None

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N

  • Credit: Unknown
  • CVE: CVE-2020-35480
  • CWE: CWE-200
  • Snyk ID: SNYK-PHP-MEDIAWIKICORE-1053236
  • Disclosed: 18 Dec, 2020
  • Published: 21 Dec, 2020