Description

The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics.

Remediation

References

CVE-2015-8628

Related Vulnerabilities

Oracle Database Server CVE-2006-3703 Vulnerability (CVE-2006-3703)

WordPress Plugin LeaderBoard Cross-Site Request Forgery (1.1.1)

WordPress 5.2.x Multiple Vulnerabilities (5.2 - 5.2.3)

WordPress Plugin Contact Form by BestWebSoft Email Header Injection (3.83)

Atlassian Jira Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2017-18104)

Severity

Medium

Classification

CVE-2015-8628 CWE-200 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities