Vulnerability Description
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Some unprivileged users can view confidential information (e.g., IP addresses and User-Agent headers for election traffic) on a testwiki SecurePoll instance.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mediawiki | Mediawiki | < 1.35.5 |
Related Weaknesses (CWE)
References
- https://gerrit.wikimedia.org/r/q/Ib2715adb281f8892b586dcb1895e87ac0eb548b0 (Third Party Advisory)
- https://phabricator.wikimedia.org/T290808 (Third Party Advisory)
- https://phabricator.wikimedia.org/T290856 (Third Party Advisory)
FAQ
What is CVE-2021-46148?
CVE-2021-46148 is a vulnerability with a CVSS score of 6.5 (MEDIUM). An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Some unprivileged users can view confidential information (e.g., IP addresses and User-Agent headers...
How severe is CVE-2021-46148?
CVE-2021-46148 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2021-46148?
Check the references section above for vendor advisories and patch information. Affected products include: Mediawiki Mediawiki.