{"api_version":"1","generated_at":"2026-05-13T10:12:45+00:00","cve":"CVE-2019-18612","urls":{"html":"https://cve.report/CVE-2019-18612","api":"https://cve.report/api/cve/CVE-2019-18612.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2019-18612","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2019-18612"},"summary":{"title":"CVE-2019-18612","description":"An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Previously hidden (restricted) AbuseFilter filters were viewable (or their differences were viewable) to unprivileged users, thus disclosing potentially sensitive information.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2019-10-29 19:15:00","updated_at":"2019-10-31 12:09:00"},"problem_types":["CWE-200"],"metrics":[],"references":[{"url":"https://gerrit.wikimedia.org/r/q/Ie23e8234ae550273bf3f6f9c5ac45b7fc54eec2a","name":"https://gerrit.wikimedia.org/r/q/Ie23e8234ae550273bf3f6f9c5ac45b7fc54eec2a","refsource":"MISC","tags":["Patch","Vendor Advisory"],"title":"","mime":"text/html","httpstatus":"200","archivestatus":"0"},{"url":"https://phabricator.wikimedia.org/T104807","name":"https://phabricator.wikimedia.org/T104807","refsource":"MISC","tags":["Patch","Vendor Advisory"],"title":"⚓ T104807 Older hidden versions of a currently-public AbuseFilter are exposed via diffs (CVE-2019-18612)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2019-18612","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2019-18612","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2019","cve_id":"18612","vulnerable":"1","versionEndIncluding":"1.34","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"mediawiki","cpe5":"abusefilter","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"mediawiki","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2019-18612","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Previously hidden (restricted) AbuseFilter filters were viewable (or their differences were viewable) to unprivileged users, thus disclosing potentially sensitive information."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://phabricator.wikimedia.org/T104807","refsource":"MISC","name":"https://phabricator.wikimedia.org/T104807"},{"url":"https://gerrit.wikimedia.org/r/q/Ie23e8234ae550273bf3f6f9c5ac45b7fc54eec2a","refsource":"MISC","name":"https://gerrit.wikimedia.org/r/q/Ie23e8234ae550273bf3f6f9c5ac45b7fc54eec2a"}]}},"nvd":{"publishedDate":"2019-10-29 19:15:00","lastModifiedDate":"2019-10-31 12:09:00","problem_types":["CWE-200"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM"},"exploitabilityScore":3.9,"impactScore":1.4},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE","baseScore":5},"severity":"MEDIUM","exploitabilityScore":10,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:mediawiki:abusefilter:*:*:*:*:*:mediawiki:*:*","versionEndIncluding":"1.34","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2019","CveId":"18612","Ordinal":"159086","Title":"CVE-2019-18612","CVE":"CVE-2019-18612","Year":"2019"},"notes":[{"CveYear":"2019","CveId":"18612","Ordinal":"1","NoteData":"An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Previously hidden (restricted) AbuseFilter filters were viewable (or their differences were viewable) to unprivileged users, thus disclosing potentially sensitive information.","Type":"Description","Title":null},{"CveYear":"2019","CveId":"18612","Ordinal":"2","NoteData":"2019-10-29","Type":"Other","Title":"Published"},{"CveYear":"2019","CveId":"18612","Ordinal":"3","NoteData":"2019-10-29","Type":"Other","Title":"Modified"}]}}}