Vulnerability Details CVE-2015-8007
The Echo extension for MediWiki does not properly implement the hideuser functionality, which allows remote authenticated users to see hidden usernames in "non-revision based" notifications, as demonstrated by viewing a hidden username in a Thanks notification.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 42.3%
CVSS Severity
CVSS v2 Score 4.0
References
- http://www.securitytracker.com/id/1034028
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000182.html
- https://phabricator.wikimedia.org/T110553
- http://www.securitytracker.com/id/1034028
- https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000182.html
- https://phabricator.wikimedia.org/T110553
Products affected by CVE-2015-8007
-
cpe:2.3:a:echo_project:echo:-