MEDIUM · 5.3

CVE-2020-35480


Vulnerability Description

An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code paths.

CVSS Score

5.3 (MEDIUM)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality: LOW
Integrity: NONE
Availability: NONE

Affected Products

Vendor | Product | Versions
Mediawiki | Mediawiki | < 1.35.1
Debian | Debian Linux | 9.0
Fedoraproject | Fedora | 33

Related Weaknesses (CWE)

References

FAQ

What is CVE-2020-35480?

CVE-2020-35480 is a vulnerability with a CVSS score of 5.3 (MEDIUM). An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the vie...

How severe is CVE-2020-35480?

CVE-2020-35480 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2020-35480?

Check the references section above for vendor advisories and patch information. Affected products include: Mediawiki Mediawiki, Debian Debian Linux, Fedoraproject Fedora.