CVE-2020-35480

MEDIUM Year: 2020
CVSS v3 Score
5.3
Medium
CVSS v2 Score
5.0
Medium
Weakness Type
CWE-203
View all →

Vulnerability Description

An issue was discovered in MediaWiki before 1.35.1. Missing users (accounts that don't exist) and hidden users (accounts that have been explicitly hidden due to being abusive, or similar) that the viewer cannot see are handled differently, exposing sensitive information about the hidden status to unprivileged viewers. This exists on various code paths.

Related Vulnerabilities

CVE-2013-1422

MEDIUM
CVSS:5.3(Medium)

webcalendar before 1.2.7 shows the reason for a failed login (e.g., "no such user").

CWE-2032013

CVE-2014-4156

MEDIUM
CVSS:5.3(Medium)

Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability

CWE-2032014

CVE-2016-9129

MEDIUM
CVSS:5.3(Medium)

Revive Adserver before 3.2.3 suffers from Information Exposure Through Discrepancy. It is possible to check whether or not an email address was associated to one or more user accounts on a target Revi...

CWE-2032016

CVE-2017-5107

MEDIUM
CVSS:5.3(Medium)

A timing attack in SVG rendering in Google Chrome prior to 60.0.3112.78 for Linux, Windows, and Mac allowed a remote attacker to extract pixel values from a cross-origin page being iframe'd via a craf...

CWE-2032017

CVE-2017-7006

MEDIUM
CVSS:5.3(Medium)

An issue was discovered in certain Apple products. iOS before 10.3.3 is affected. Safari before 10.1.2 is affected. tvOS before 10.2.2 is affected. The issue involves the "WebKit" component. It allows...

CWE-2032017

CVE-2017-8055

MEDIUM
CVSS:5.3(Medium)

WatchGuard Fireware allows user enumeration, e.g., in the Firebox XML-RPC login handler. A login request that contains a blank password sent to the XML-RPC agent in Fireware v11.12.1 and earlier retur...

CWE-2032017