CVE-2015-8007
Echo Extension for MediaWiki - Authenticated Exposure of Hidden Usernames in Non-Revision Notifications
Title source: llmDescription
The Echo extension for MediWiki does not properly implement the hideuser functionality, which allows remote authenticated users to see hidden usernames in "non-revision based" notifications, as demonstrated by viewing a hidden username in a Thanks notification.
References (3)
Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id/1034028
Patch, Vendor Advisory mailing-list
x_refsource_mlist
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000182.html
Vendor Advisory x_refsource_confirm
https://phabricator.wikimedia.org/T110553
Scores
EPSS
0.0163
EPSS Percentile
73.4%
Details
CWE
CWE-200
Status
published
Products (1)
echo_project/echo
Published
Nov 09, 2015
Tracked Since
Feb 18, 2026