CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
EPSS
Percentile
30.0%
mediawiki/proofread-page is vulnerable to Information Disclosure. The vulnerability exists due to the lack of user permission validation in PageDisplayHandler.php
and PageContentHandler.php
, which allows an attacker to discover hidden users in the system.
gerrit.wikimedia.org/r/c/mediawiki/extensions/ProofreadPage/+/934410/
gerrit.wikimedia.org/r/q/Ibe5f8e25dea155bbd811a65833394c0d4b906a34
github.com/advisories/GHSA-qpx9-w5wp-x7q5
github.com/wikimedia/mediawiki-extensions-ProofreadPage/commit/0de246d090439a6f657067e5d2e2bc86783a51ef
phabricator.wikimedia.org/T326952