{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/46817?format=json","vulnerability_id":"VCID-xbdm-5mva-6fbr","summary":"mediawiki: Special: UserRights exposes the existence of hidden users","aliases":[{"alias":"CVE-2020-25813"},{"alias":"GHSA-c4rj-wrmq-52rj"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/128770?format=json","purl":"pkg:composer/mediawiki/core@1.31.9","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.9"},{"url":"http://public2.vulnerablecode.io/api/packages/128772?format=json","purl":"pkg:composer/mediawiki/core@1.34.3","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.34.3"},{"url":"http://public2.vulnerablecode.io/api/packages/352781?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.0-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.0-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/352722?format=json","purl":"pkg:deb/debian/mediawiki@1:1.35.13-1%2Bdeb11u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jeub-a9kb-1qdf"},{"vulnerability":"VCID-qhvy-umzp-w7gf"},{"vulnerability":"VCID-skbg-rwdq-b3fm"},{"vulnerability":"VCID-tjqh-mf7p-hybm"},{"vulnerability":"VCID-u8ey-d3gq-ufej"},{"vulnerability":"VCID-xqyr-jqn9-m7a3"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.35.13-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/352720?format=json","purl":"pkg:deb/debian/mediawiki@1:1.39.17-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-jeub-a9kb-1qdf"},{"vulnerability":"VCID-tjqh-mf7p-hybm"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.39.17-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/352724?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-1~deb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-1~deb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/352723?format=json","purl":"pkg:deb/debian/mediawiki@1:1.43.8%2Bdfsg-2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/mediawiki@1:1.43.8%252Bdfsg-2%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/323853?format=json","purl":"pkg:composer/mediawiki/core@1.31.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-14nd-ucg9-cffd"},{"vulnerability":"VCID-b32r-8z57-bbcj"},{"vulnerability":"VCID-hxu6-vhfm-qbf8"},{"vulnerability":"VCID-mubh-pg5f-jqbh"},{"vulnerability":"VCID-qz6n-k51b-dkbj"},{"vulnerability":"VCID-xbdm-5mva-6fbr"},{"vulnerability":"VCID-xnq5-6f88-53fa"},{"vulnerability":"VCID-zx9x-1ddr-yfhv"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.31.0"},{"url":"http://public2.vulnerablecode.io/api/packages/324072?format=json","purl":"pkg:composer/mediawiki/core@1.32.0","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-hxu6-vhfm-qbf8"},{"vulnerability":"VCID-mubh-pg5f-jqbh"},{"vulnerability":"VCID-xbdm-5mva-6fbr"},{"vulnerability":"VCID-xnq5-6f88-53fa"},{"vulnerability":"VCID-yam3-hp3u-8qh5"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:composer/mediawiki/core@1.32.0"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25813.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2020-25813.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25813","reference_id":"","reference_type":"","scores":[{"value":"0.00366","scoring_system":"epss","scoring_elements":"0.58848","published_at":"2026-05-29T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2020-25813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-15005"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17367"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-17368"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25812"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25813"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25814"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25827"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25828"},{"reference_url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25813.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/FriendsOfPHP/security-advisories/blob/master/mediawiki/core/CVE-2020-25813.yaml"},{"reference_url":"https://github.com/wikimedia/mediawiki","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://github.com/wikimedia/mediawiki"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RTTPZ7XMDS66I442OLLHXBDNP2LCBJU6"},{"reference_url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048480.html"},{"reference_url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://lists.wikimedia.org/pipermail/mediawiki-l/2020-September/048488.html"},{"reference_url":"https://meta.wikimedia.org/wiki/Special:UserRights","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://meta.wikimedia.org/wiki/Special:UserRights"},{"reference_url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25813","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://nvd.nist.gov/vuln/detail/CVE-2020-25813"},{"reference_url":"https://phabricator.wikimedia.org/T232568","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N"},{"value":"MODERATE","scoring_system":"generic_textual","scoring_elements":""}],"url":"https://phabricator.wikimedia.org/T232568"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=1903764","reference_id":"1903764","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=1903764"},{"reference_url":"https://github.com/advisories/GHSA-c4rj-wrmq-52rj","reference_id":"GHSA-c4rj-wrmq-52rj","reference_type":"","scores":[{"value":"MODERATE","scoring_system":"cvssv3.1_qr","scoring_elements":""}],"url":"https://github.com/advisories/GHSA-c4rj-wrmq-52rj"}],"weaknesses":[{"cwe_id":200,"name":"Exposure of Sensitive Information to an Unauthorized Actor","description":"The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information."}],"exploits":[],"severity_range_score":"4.0 - 6.9","exploitability":null,"weighted_severity":null,"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-xbdm-5mva-6fbr"}