Description

An issue was discovered in the SecurePoll extension for MediaWiki through 1.35.1. The non-admin vote list contains a full vote timestamp, which may provide unintended clues about how a voting process unfolded.

Remediation

References

CVE-2020-35624

Related Vulnerabilities

Squid NULL Pointer Dereference Vulnerability (CVE-2018-1172)

Envoy Proxy NULL Pointer Dereference Vulnerability (CVE-2024-23327)

Joomla! Core 1.0.x Session Fixation (1.0.0 - 1.0.12)

WordPress Plugin ActiveCampaign-Forms, Site Tracking, Live Chat Cross-Site Request Forgery (8.0.1)

WordPress Plugin iThemes Security (formerly Better WP Security) Cross-Site Scripting (3.5.3)

Severity

Medium

Classification

CVE-2020-35624 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities