CVE-2013-6472
Published: 12 May 2014
MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user watchlists.
Priority
Status
| Package | Release | Status |
|---|---|---|
|
mediawiki Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
| precise |
Ignored
(end of life)
|
|
| quantal |
Ignored
(end of life)
|
|
| saucy |
Ignored
(end of life)
|
|
| trusty |
Does not exist
(trusty was not-affected [1:1.19.11+dfsg-1])
|
|
| upstream |
Released
(1:1.19.10+dfsg-1)
|
|
| utopic |
Not vulnerable
(1:1.19.11+dfsg-1)
|
|
| vivid |
Not vulnerable
(1:1.19.11+dfsg-1)
|
|
| wily |
Not vulnerable
(1:1.19.11+dfsg-1)
|
|
| xenial |
Does not exist
|
|
| yakkety |
Not vulnerable
|
|
| zesty |
Not vulnerable
|
|
|
Patches: upstream: https://bugzilla.wikimedia.org/attachment.cgi?id=14270 upstream: https://bugzilla.wikimedia.org/attachment.cgi?id=14271 upstream: https://bugzilla.wikimedia.org/attachment.cgi?id=14272 |
||