CVE-2020-29005

HIGH

Mediawiki < 1.35 - Cleartext Transmission

Title source: rule

Description

The API in the Push extension for MediaWiki through 1.35 used cleartext for ApiPush credentials, allowing for potential information disclosure.

References (2)

Scores

CVSS v3 7.5
EPSS 0.0009
EPSS Percentile 25.5%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-319 CWE-522
Status published

Affected Products (1)

mediawiki/mediawiki < 1.35

Timeline

Published Jan 29, 2021
Tracked Since Feb 18, 2026