DEBIAN-CVE-2020-35480

An issue was discovered in MediaWiki before 1.35.1. Missing users accounts that don't exist and hidden users accounts that have been explicitly hidden due to being abusive, or similar that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to...

UBUNTU-CVE-2020-35480

An issue was discovered in MediaWiki before 1.35.1. Missing users accounts that don't exist and hidden users accounts that have been explicitly hidden due to being abusive, or similar that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to...

PT-2020-5772 · Mediawiki +1 · Mediawiki +1

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.1 Description: The issue is related to the incorrect handling of missing and hidden users in MediaWiki, which can expose sensitive information about the hidden status to unprivileged viewers. This can be...

CVE-2017-8438

Elastic X-Pack Security versions 5.0.0 to 5.4.0 contain a privilege escalation bug in the runas functionality. This bug prevents transitioning into the specified user specified in a runas request. If a role has been created using a template that contains the user properties, the behavior of runas...