Vulnerability Description
An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Once a specific abuse filter has (accidentally or otherwise) been made public, its previous versions can be exposed, thus potentially disclosing private or sensitive information within the filter's definition.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mediawiki | Abusefilter | <= 1.34 |
Related Weaknesses (CWE)
References
- https://gerrit.wikimedia.org/r/q/Ic12790bd33982473f77551bde9599ed083a3e1f1PatchThird Party Advisory
- https://phabricator.wikimedia.org/T237887Issue TrackingPatchThird Party Advisory
- https://www.mediawiki.org/wiki/Extension:AbuseFilterProductVendor Advisory
- https://gerrit.wikimedia.org/r/q/Ic12790bd33982473f77551bde9599ed083a3e1f1PatchThird Party Advisory
- https://phabricator.wikimedia.org/T237887Issue TrackingPatchThird Party Advisory
- https://www.mediawiki.org/wiki/Extension:AbuseFilterProductVendor Advisory
FAQ
What is CVE-2019-18987?
CVE-2019-18987 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Once a specific abuse filter has (accidentally or otherwise) been made public, its previous versions can be exposed, th...
How severe is CVE-2019-18987?
CVE-2019-18987 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2019-18987?
Check the references section above for vendor advisories and patch information. Affected products include: Mediawiki Abusefilter.