CVE-2015-8628

MEDIUM

Mediawiki < 1.23.11 - Information Disclosure

Title source: rule

Description

The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics.

References (4)

[Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2015/12/21/8

[Mailing List, Patch, Third Party Advisory] http://www.openwall.com/lists/oss-security/2015/12/23/7

[Patch, Release Notes, Vendor Advisory] https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html

[Patch, Third Party Advisory] https://phabricator.wikimedia.org/T109724

Scores

CVSS v3 5.3

EPSS 0.0043

EPSS Percentile 62.5%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N

Classification

CWE

CWE-200

Status published

Affected Products (12)

mediawiki/mediawiki < 1.23.11

mediawiki/mediawiki

mediawiki/mediawiki

mediawiki/mediawiki

mediawiki/mediawiki

mediawiki/mediawiki

mediawiki/mediawiki

mediawiki/mediawiki

mediawiki/mediawiki

mediawiki/mediawiki

mediawiki/mediawiki

n/a/n/a

Timeline

Published Mar 23, 2017

Tracked Since Feb 18, 2026