CVE-2015-8007

Description

The Echo extension for MediWiki does not properly implement the hideuser functionality, which allows remote authenticated users to see hidden usernames in "non-revision based" notifications, as demonstrated by viewing a hidden username in a Thanks notification.

References

https://phabricator.wikimedia.org/T110553

https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000182.html

http://www.securitytracker.com/id/1034028

Details

Source: Mitre, NVD

Risk Information

CVSS v2

CVSS v3