Bug 773736 - (CVE-2012-0046) CVE-2012-0046 mediawiki: prop=revisions allows deleted text to be exposed through cache pollution
Status: CLOSED ERRATA
Product: Security Response
Classification: Other
Component: vulnerability
unspecified
All Linux
medium Severity medium
Assigned To: Red Hat Product Security
impact=moderate,public=20120111,repor...
: Security
Depends On: 773741 773742
Reported: 2012-01-12 13:22 EST by Vincent Danen
Modified: 2013-04-03 14:24 EDT
Doc Type: Bug Fix
Last Closed: 2013-04-03 14:24:09 EDT
Description Vincent Danen 2012-01-12 13:22:23 EST
MediaWiki 1.17.2 and 1.18.1 were released to correct a security flaw in its API where prop=revisions would expose deleted text to unprivileged users through cache pollution.

MediaWiki 1.16 is no longer supported upstream, but this flaw does seem to affect that version, as per the code changes (r108682).

References:

https://www.mediawiki.org/wiki/Special:Code/MediaWiki/108682
https://bugzilla.wikimedia.org/show_bug.cgi?id=33117
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_17_2/phase3/RELEASE-NOTES
Comment 1 Vincent Danen 2012-01-12 13:37:51 EST
Created mediawiki tracking bugs for this issue

Affects: fedora-all [bug 773741]
Comment 2 Vincent Danen 2012-01-12 13:37:54 EST
Created mediawiki116 tracking bugs for this issue

Affects: epel-all [bug 773742]
Comment 3 Vincent Danen 2012-01-13 11:56:36 EST
This has been assigned the name CVE-2012-0046:

http://www.openwall.com/lists/oss-security/2012/01/12/8
