Unrated severityNVD Advisory· Published Apr 21, 2020· Updated Aug 4, 2024
CVE-2020-12051
CVE-2020-12051
Description
The CentralAuth extension through REL1_34 for MediaWiki allows remote attackers to obtain sensitive hidden account information via an api.php?action=query&meta=globaluserinfo&guiuser= request. In other words, the information can be retrieved via the action API even though access would be denied when simply visiting wiki/Special:CentralAuth in a web browser.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- MediaWiki/CentralAuth extensiondescription
- Range: <=REL1_34
- osv-coords
Patches
Vulnerability mechanics
References
2- gerrit.wikimedia.org/r/mitrex_refsource_MISC
- phabricator.wikimedia.org/T250594mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.