CVE-2015-6727

The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the "Change block" text.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html
http://www.openwall.com/lists/oss-security/2015/08/12/6
http://www.openwall.com/lists/oss-security/2015/08/27/6
https://github.com/wikimedia/mediawiki/commit/5faabfa1bbf65536ea36108887040198afcb3c82
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	Vendor Advisory
https://phabricator.wikimedia.org/T106893
http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html
http://www.openwall.com/lists/oss-security/2015/08/12/6
http://www.openwall.com/lists/oss-security/2015/08/27/6
https://github.com/wikimedia/mediawiki/commit/5faabfa1bbf65536ea36108887040198afcb3c82
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html	Vendor Advisory
https://phabricator.wikimedia.org/T106893

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:mediawiki:mediawiki::::::::
	cpe:2.3:a:mediawiki:mediawiki:1.24.0:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.24.1:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.24.2:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.25.0:::::::*
	cpe:2.3:a:mediawiki:mediawiki:1.25.1:::::::*

Configuration 2 (hide)

cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*

History

21 Nov 2024, 02:35

Type	Values Removed	Values Added
References	~~() http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html -~~	() http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html -
References	~~() http://www.openwall.com/lists/oss-security/2015/08/12/6 -~~	() http://www.openwall.com/lists/oss-security/2015/08/12/6 -
References	~~() http://www.openwall.com/lists/oss-security/2015/08/27/6 -~~	() http://www.openwall.com/lists/oss-security/2015/08/27/6 -
References	~~() https://github.com/wikimedia/mediawiki/commit/5faabfa1bbf65536ea36108887040198afcb3c82 -~~	() https://github.com/wikimedia/mediawiki/commit/5faabfa1bbf65536ea36108887040198afcb3c82 -
References	~~() https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html - Vendor Advisory~~	() https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html - Vendor Advisory
References	~~() https://phabricator.wikimedia.org/T106893 -~~	() https://phabricator.wikimedia.org/T106893 -

Information

Published : 2015-09-01 14:59

Updated : 2025-04-12 10:46

NVD link : CVE-2015-6727

Mitre link : CVE-2015-6727

CVE.ORG link : CVE-2015-6727

JSON object : View

Products Affected

mediawiki

mediawiki

canonical

ubuntu_linux

CWE

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2015-6727", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2015-09-01T14:59:04.947", "references": [{"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2015/08/12/6", "source": "cve@mitre.org"}, {"url": "http://www.openwall.com/lists/oss-security/2015/08/27/6", "source": "cve@mitre.org"}, {"url": "https://github.com/wikimedia/mediawiki/commit/5faabfa1bbf65536ea36108887040198afcb3c82", "source": "cve@mitre.org"}, {"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://phabricator.wikimedia.org/T106893", "source": "cve@mitre.org"}, {"url": "http://lists.fedoraproject.org/pipermail/package-announce/2015-August/165193.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2015/08/12/6", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.openwall.com/lists/oss-security/2015/08/27/6", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/wikimedia/mediawiki/commit/5faabfa1bbf65536ea36108887040198afcb3c82", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-August/000179.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://phabricator.wikimedia.org/T106893", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "The Special:DeletedContributions page in MediaWiki before 1.23.10, 1.24.x before 1.24.3, and 1.25.x before 1.25.2 allows remote attackers to determine if an IP is autoblocked via the \"Change block\" text."}, {"lang": "es", "value": "Vulnerabilidad en la p\u00e1gina Special:DeletedContributions en MediaWiki en versiones anteriores 1.23.10, 1.24.x en versiones anteriores 1.24.3 y 1.25.x en versiones anteriores a 1.25.2, permite a atacantes remotos determinar si una IP es autobloqueada a trav\u00e9s del texto 'Change block'."}], "lastModified": "2025-04-12T10:46:40.837", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:mediawiki:mediawiki:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "05064578-51CC-482B-A135-42522AA50F0A", "versionEndIncluding": "1.23.9"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0B21EB21-AE87-48BF-B4A1-5E63A2E116B4"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A6C00423-B3FE-485A-9014-22F409DBD377"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.24.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E90C95FB-71CA-4CA1-935D-58A08244A81F"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9129F374-93CB-43CE-A3B2-DB6483514F32"}, {"criteria": "cpe:2.3:a:mediawiki:mediawiki:1.25.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CE125142-10A2-4ACF-9BA4-44E63C1E5DB6"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:15.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F38D3B7E-8429-473F-BB31-FC3583EE5A5B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}

5.0 /10