Vulnerability Description
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt.
CVSS Score
4.9
MEDIUM
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mediawiki | Mediawiki | <= 1.18.4 |
Related Weaknesses (CWE)
References
- http://www.openwall.com/lists/oss-security/2012/08/31/10Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2012/08/31/6Mailing ListPatchThird Party Advisory
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330Issue TrackingThird Party Advisory
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.htmlPatchVendor Advisory
- https://phabricator.wikimedia.org/T41823Issue TrackingVendor Advisory
- http://www.openwall.com/lists/oss-security/2012/08/31/10Mailing ListPatchThird Party Advisory
- http://www.openwall.com/lists/oss-security/2012/08/31/6Mailing ListPatchThird Party Advisory
- https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=686330Issue TrackingThird Party Advisory
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2012-August/000119.htmlPatchVendor Advisory
- https://phabricator.wikimedia.org/T41823Issue TrackingVendor Advisory
FAQ
What is CVE-2012-4382?
CVE-2012-4382 is a vulnerability with a CVSS score of 4.9 (MEDIUM). MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt.
How severe is CVE-2012-4382?
CVE-2012-4382 has been rated MEDIUM with a CVSS base score of 4.9/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-4382?
Check the references section above for vendor advisories and patch information. Affected products include: Mediawiki Mediawiki.