Checkuser
by MediaWiki
CVEs (25)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2021-31553 | 0.00 | — | 0.01 | Apr 22, 2021 | An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example,… | |||
| CVE-2019-16529 | 0.00 | — | 0.01 | Mar 19, 2020 | An issue was discovered in the CheckUser extension through 1.35.0 for MediaWiki. Oversighted edit summaries are still visible in CheckUser results in violation of MediaWiki's permissions model. | |||
| CVE-2019-18611 | 0.00 | — | 0.01 | Oct 29, 2019 | An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should… | |||
| CVE-2015-2940 | 0.00 | — | 0.01 | Apr 13, 2015 | Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors. | |||
| CVE-2013-4306 | 0.00 | — | 0.01 | Oct 11, 2013 | Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via… |
- CVE-2021-31553Apr 22, 2021risk 0.00cvss —epss 0.01
An issue was discovered in the CheckUser extension for MediaWiki through 1.35.2. MediaWiki usernames with trailing whitespace could be stored in the cu_log database table such that denial of service occurred for certain CheckUser extension pages and functionality. For example,…
- CVE-2019-16529Mar 19, 2020risk 0.00cvss —epss 0.01
An issue was discovered in the CheckUser extension through 1.35.0 for MediaWiki. Oversighted edit summaries are still visible in CheckUser results in violation of MediaWiki's permissions model.
- CVE-2019-18611Oct 29, 2019risk 0.00cvss —epss 0.01
An issue was discovered in the CheckUser extension through 1.34 for MediaWiki. Certain sensitive information within oversighted edit summaries made available via the MediaWiki API was potentially visible to users with various levels of access to this extension. Said users should…
- CVE-2015-2940Apr 13, 2015risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in the CheckUser extension for MediaWiki allows remote attackers to hijack the authentication of certain users for requests that retrieve sensitive user information via unspecified vectors.
- CVE-2013-4306Oct 11, 2013risk 0.00cvss —epss 0.01
Cross-site request forgery (CSRF) vulnerability in api/ApiQueryCheckUser.php in the CheckUser extension for MediaWiki, possibly Checkuser before 2.3, allows remote attackers to hijack the authentication of arbitrary users for requests that "perform sensitive write actions" via…
Page 2 of 2