First published: Fri Nov 15 2019(Updated: )
An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Once a specific abuse filter has (accidentally or otherwise) been made public, its previous versions can be exposed, thus potentially disclosing private or sensitive information within the filter's definition.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mediawiki Abusefilter | <=1.34 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2019-18987 is a vulnerability in the AbuseFilter extension for MediaWiki that allows the exposure of previous versions of a public abuse filter, potentially disclosing private or sensitive information within the filter's definition.
The severity of CVE-2019-18987 is medium, with a CVSS score of 5.3.
CVE-2019-18987 affects Mediawiki AbuseFilter version 1.34 and potentially exposes previous versions of public abuse filters, leading to the disclosure of private or sensitive information.
Yes, upgrading to a version of the AbuseFilter extension beyond 1.34 eliminates the vulnerability.
You can find more information about CVE-2019-18987 in the references provided: [1] [2] [3].