The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
References
| Link | Resource |
|---|---|
| http://www.openwall.com/lists/oss-security/2014/12/21/2 | Mailing List Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2015/01/03/13 | Mailing List Third Party Advisory |
| https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html | Patch Vendor Advisory |
| https://phabricator.wikimedia.org/T73167 | Vendor Advisory |
| http://www.openwall.com/lists/oss-security/2014/12/21/2 | Mailing List Third Party Advisory |
| http://www.openwall.com/lists/oss-security/2015/01/03/13 | Mailing List Third Party Advisory |
| https://lists.wikimedia.org/pipermail/mediawiki-announce/2014-December/000173.html | Patch Vendor Advisory |
| https://phabricator.wikimedia.org/T73167 | Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
No history.
Information
Published : 2020-01-27 16:15
Updated : 2024-11-21 02:20
NVD link : CVE-2014-9481
Mitre link : CVE-2014-9481
CVE.ORG link : CVE-2014-9481
JSON object : View
Products Affected
mediawiki
- mediawiki
CWE
CWE-200
Exposure of Sensitive Information to an Unauthorized Actor