CVE-2015-8007

Echo Extension for MediaWiki - Authenticated Exposure of Hidden Usernames in Non-Revision Notifications

Title source: llm
STIX 2.1

Description

The Echo extension for MediWiki does not properly implement the hideuser functionality, which allows remote authenticated users to see hidden usernames in "non-revision based" notifications, as demonstrated by viewing a hidden username in a Thanks notification.

References (3)

Core 3
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034028
Patch, Vendor Advisory mailing-list x_refsource_mlist
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000182.html
Vendor Advisory x_refsource_confirm
https://phabricator.wikimedia.org/T110553

Scores

EPSS 0.0163
EPSS Percentile 73.4%

Details

CWE
CWE-200
Status published
Products (1)
echo_project/echo
Published Nov 09, 2015
Tracked Since Feb 18, 2026