CVE-2019-12474

Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cached publicly. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.

References

Affected packages

Git / github.com/wikimedia/mediawiki

Affected ranges

Type

GIT

Repo

https://github.com/wikimedia/mediawiki

Events

Introduced

1346cdbba7e7f4560b572a73ecd3625192440e98

Fixed

b1558252c5478239b6ecc6d1950f07f938b12604

Introduced

830bb58fa2d24eb93d45135c6becd53f6c50d491

Fixed

49fde28a202bfbc89650908d8f5b55339d4bc8b6

Introduced

5cfc9accca2cc2fb94060c309d562913b7bed57c

Fixed

5951e3e30351dbef4afaceccad415b7702d49bc0

Introduced

0fbb878ef366477535a709b0c2564bdcf4b176d1

Fixed

a720399187069dd4134bdbcc33bce3fc09b7b658

Database specific

{
    "versions": [
        {
            "introduced": "1.23.0"
        },
        {
            "fixed": "1.27.6"
        },
        {
            "introduced": "1.30.0"
        },
        {
            "fixed": "1.30.2"
        },
        {
            "introduced": "1.31.0"
        },
        {
            "fixed": "1.31.2"
        },
        {
            "introduced": "1.32.0"
        },
        {
            "fixed": "1.32.2"
        }
    ]
}

Affected versions

1.*

1.30.0

1.30.1

1.31.0

1.31.1

1.32.0

1.32.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12474.json"

unresolved_ranges

[
    {
        "events": [
            {
                "introduced": "0"
            },
            {
                "last_affected": "9.0"
            }
        ]
    }
]