Description
The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure.
Remediation
References
Related Vulnerabilities
phpMyAdmin Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-2039)
MySQL Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2012-5615)
Jetty Improper Input Validation Vulnerability (CVE-2022-2047)
WordPress Plugin FancyBox for WordPress Cross-Site Scripting (3.0.2)
Magento Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2019-7874)