CVE-2020-35480 log

Source
Severity Low
Remote Yes
Type Information disclosure
Description
An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code paths.
Group Package Affected Fixed Severity Status Ticket
AVG-1371 mediawiki 1.35.0-1 1.35.1-1 Medium Fixed FS#69132
Date Advisory Group Package Severity Type
12 Jan 2021 ASA-202101-22 AVG-1371 mediawiki Medium multiple issues
References
https://phabricator.wikimedia.org/T120883
https://github.com/wikimedia/mediawiki/commit/15bed1201ea21ce477a16e9d02170244b0086fb4
https://github.com/wikimedia/mediawiki/commit/aca0e52f5ce9312a4af4f411c756497902483a48