Information Disclosure Vulnerability in CentralAuth Extension for MediaWiki

Information Disclosure Vulnerability in CentralAuth Extension for MediaWiki

CVE-2013-6455 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

The CentralAuth extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain usernames via vectors related to writing the names to the DOM of a page.

Learn more about our User Device Pen Test.