CVE-2021-46148

MEDIUM

MediaWiki <1.35.5-1.37.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. Some unprivileged users can view confidential information (e.g., IP addresses and User-Agent headers for election traffic) on a testwiki SecurePoll instance.

References (3)

Core 3
Core References
Third Party Advisory x_refsource_misc
https://phabricator.wikimedia.org/T290808
Third Party Advisory x_refsource_misc
https://phabricator.wikimedia.org/T290856

Scores

CVSS v3 6.5
EPSS 0.0025
EPSS Percentile 48.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-200
Status published
Products (1)
mediawiki/mediawiki < 1.35.5
Published Jan 10, 2022
Tracked Since Feb 18, 2026