CVE-2019-18611

MEDIUM

MediaWiki CheckUser <1.34 - Info Disclosure

Title source: llm

Description

An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should not have been able to view these oversighted edit summaries via the MediaWiki API.

References (2)

Core 2

Core References

Patch, Vendor Advisory x_refsource_misc

https://phabricator.wikimedia.org/T234862

Patch, Vendor Advisory x_refsource_misc

https://gerrit.wikimedia.org/r/q/Ie0aa0df2b3f03d8b910733f1b5e600a0dc978765

Scores

CVSS v3 6.5

EPSS 0.0034

EPSS Percentile 56.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-200

Status published

Products (1)

mediawiki/checkuser < 1.34

Published Oct 29, 2019

Tracked Since Feb 18, 2026