Description
The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.
References (6)
Core 6
Core References
Patch x_refsource_confirm
https://github.com/wikimedia/mediawiki/commit/5faabfa1bbf65536ea36108887040198afcb3c82
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/08/27/6
Issue Tracking x_refsource_confirm
https://phabricator.wikimedia.org/T106893
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2015/08/12/6
Vendor Advisory mailing-list
x_refsource_mlist
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html
Scores
EPSS
0.0041
EPSS Percentile
61.1%
Details
CWE
CWE-200
Status
published
Products (7)
canonical/ubuntu_linux
15.04
mediawiki/mediawiki
1.24.0
mediawiki/mediawiki
1.24.1
mediawiki/mediawiki
1.24.2
mediawiki/mediawiki
1.25.0
mediawiki/mediawiki
1.25.1
mediawiki/mediawiki
< 1.23.9
Published
Sep 01, 2015
Tracked Since
Feb 18, 2026