 |
Home ▼ Bookkeeping
Online ▼ Security
Audits ▼
Managed
DNS ▼
About
Order
FAQ
Acceptable Use Policy
Dynamic DNS Clients
Configure Domains Dyanmic DNS Update Password Network
Monitor ▼
Enterprise Package
Advanced Package
Standard Package
Free Trial
FAQ
Price/Feature Summary
Order/Renew
Examples
Configure/Status Alert Profiles | ||
| CVE ID: | CVE-2020-35480 |
| Description: | An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code paths. |
| Test IDs: | 1.3.6.1.4.1.25623.1.0.892504 |
| Cross References: |
Common Vulnerability Exposure (CVE) ID: CVE-2020-35480 Debian Security Information: DSA-4816 (Google Search) https://www.debian.org/security/2020/dsa-4816 https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/ https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html https://phabricator.wikimedia.org/T120883 https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html |