Mediawiki 1.31 before 1.31.1, 1.30.1, 1.29.3 and 1.27.5 contains an information disclosure flaw in the Special:Redirect/logid
Weakness
The product writes sensitive information to a log file.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mediawiki | Mediawiki | 1.31.0 (including) | 1.31.1 (excluding) |
| Mediawiki | Mediawiki | 1.27.5 (including) | 1.27.5 (including) |
| Mediawiki | Mediawiki | 1.29.3 (including) | 1.29.3 (including) |
| Mediawiki | Mediawiki | 1.30.1 (including) | 1.30.1 (including) |
| Red Hat OpenShift Container Platform 3.10 | RedHat | mediawiki-0:1.27.7-1.el7 | * |
| Red Hat OpenShift Container Platform 3.9 | RedHat | mediawiki123-0:1.23.17-1.el7 | * |
| Mediawiki | Ubuntu | bionic | * |
| Mediawiki | Ubuntu | esm-apps/bionic | * |
| Mediawiki | Ubuntu | trusty | * |
| Mediawiki | Ubuntu | upstream | * |
Potential Mitigations
Related Attack Patterns
References
- http://www.securitytracker.com/id/1041695
- https://access.redhat.com/errata/RHSA-2019:3238
- https://access.redhat.com/errata/RHSA-2019:3813
- https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
- https://phabricator.wikimedia.org/T187638
- https://www.debian.org/security/2018/dsa-4301
- http://www.securitytracker.com/id/1041695
- https://access.redhat.com/errata/RHSA-2019:3238
- https://access.redhat.com/errata/RHSA-2019:3813
- https://lists.wikimedia.org/pipermail/wikitech-l/2018-September/090849.html
- https://phabricator.wikimedia.org/T187638
- https://www.debian.org/security/2018/dsa-4301