CVE-2013-6455

Summary

The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page.

Affected Software

VendorProductVersion RangeStatus
Wikimedia FoundationMediaWikibefore 1.19.10affected
Wikimedia FoundationMediaWiki1.2x before 1.21.4affected
Wikimedia FoundationMediaWiki1.22.x before 1.22.1affected

Weaknesses

  • Path Disclosure

ADP Enrichment

CVE Program Container

Additional References

References