Vulnerability Description
The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when "Group changes by page in recent changes and watchlist" is enabled, allows remote attackers to obtain sensitive information (revision-deleted IPs) via the Recent Changes page.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mediawiki | Mediawiki | 1.20 |
Related Weaknesses (CWE)
References
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.h
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.h
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.htm
- https://bugzilla.wikimedia.org/show_bug.cgi?id=54294
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.h
- http://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.h
- http://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.htm
- https://bugzilla.wikimedia.org/show_bug.cgi?id=54294
FAQ
What is CVE-2013-4569?
CVE-2013-4569 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when "Group changes by page in recent changes and watchlist" is enabled, allows remote attackers...
How severe is CVE-2013-4569?
CVE-2013-4569 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2013-4569?
Check the references section above for vendor advisories and patch information. Affected products include: Mediawiki Mediawiki.