Bug 773736 (CVE-2012-0046) - CVE-2012-0046 mediawiki: prop=revisions allows deleted text to be exposed through cache pollution
Status: CLOSED ERRATA
Alias: CVE-2012-0046
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 773741 773742
Reported: 2012-01-12 18:22 UTC by Vincent Danen
Modified: 2019-09-29 12:49 UTC

Doc Type: Bug Fix
Last Closed: 2013-04-03 18:24:09 UTC



Description Vincent Danen 2012-01-12 18:22:23 UTC
MediaWiki 1.17.2 and 1.18.1 were released to correct a security flaw in its API where prop=revisions would expose deleted text to unprivileged users through cache pollution.

MediaWiki 1.16 is no longer supported upstream, but this flaw does seem to affect that version, as per the code changes (r108682).

References:

https://www.mediawiki.org/wiki/Special:Code/MediaWiki/108682
https://bugzilla.wikimedia.org/show_bug.cgi?id=33117
http://svn.wikimedia.org/svnroot/mediawiki/tags/REL1_17_2/phase3/RELEASE-NOTES

Comment 1 Vincent Danen 2012-01-12 18:37:51 UTC
Created mediawiki tracking bugs for this issue

Affects: fedora-all [bug 773741]

Comment 2 Vincent Danen 2012-01-12 18:37:54 UTC
Created mediawiki116 tracking bugs for this issue

Affects: epel-all [bug 773742]

Comment 3 Vincent Danen 2012-01-13 16:56:36 UTC
This has been assigned the name CVE-2012-0046:

http://www.openwall.com/lists/oss-security/2012/01/12/8

