Description

The (1) Special:MyPage, (2) Special:MyTalk, (3) Special:MyContributions, (4) Special:MyUploads, and (5) Special:AllMyUploads pages in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 allow remote attackers to obtain sensitive user login information via crafted links combined with page view statistics.

Remediation

References

CVE-2015-8628

Related Vulnerabilities

GlassFish CVE-2017-10391 Vulnerability (CVE-2017-10391)

Squid Missing Release of Resource after Effective Lifetime Vulnerability (CVE-2018-19132)

Cherokee Cryptographic Issues Vulnerability (CVE-2011-2190)

Oracle JRE CVE-2012-3216 Vulnerability (CVE-2012-3216)

WordPress Plugin 3D Flick Slideshow 'upload.php' Arbitrary File Upload (2.1)

Severity

Medium

Classification

CVE-2015-8628 CWE-200 CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities