{"id":"CVE-2019-12470","details":"Wikimedia MediaWiki through 1.32.1 has Incorrect Access Control. Suppressed log in RevisionDelete page is exposed. Fixed in 1.32.2, 1.31.2, 1.30.2 and 1.27.6.","aliases":["GHSA-733q-m38x-q7cc"],"modified":"2026-04-02T01:36:54.270384Z","published":"2019-07-10T17:15:12.147Z","related":["MGASA-2019-0279"],"references":[{"type":"ADVISORY","url":"https://www.debian.org/security/2019/dsa-4460"},{"type":"ADVISORY","url":"https://lists.wikimedia.org/pipermail/wikitech-l/2019-June/092152.html"},{"type":"ADVISORY","url":"https://phabricator.wikimedia.org/T222038"},{"type":"REPORT","url":"https://seclists.org/bugtraq/2019/Jun/12"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/wikimedia/mediawiki","events":[{"introduced":"0"},{"fixed":"b1558252c5478239b6ecc6d1950f07f938b12604"},{"introduced":"9acd49ea5e13e1a7150f4de07d87e98e85a08509"},{"fixed":"49fde28a202bfbc89650908d8f5b55339d4bc8b6"},{"introduced":"5cfc9accca2cc2fb94060c309d562913b7bed57c"},{"fixed":"5951e3e30351dbef4afaceccad415b7702d49bc0"},{"introduced":"0fbb878ef366477535a709b0c2564bdcf4b176d1"},{"fixed":"a720399187069dd4134bdbcc33bce3fc09b7b658"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"1.27.6"},{"introduced":"1.27.7"},{"fixed":"1.30.2"},{"introduced":"1.31.0"},{"fixed":"1.31.2"},{"introduced":"1.32.0"},{"fixed":"1.32.2"}]}}],"versions":["1.1.0","1.10.0","1.10.0rc1","1.10.0rc2","1.10.1","1.10.2","1.10.3","1.10.4","1.11.0","1.11.0rc1","1.11.1","1.11.2","1.12.0","1.12.0rc1","1.12.1","1.12.2","1.12.3","1.12.4","1.13.0","1.13.0rc1","1.13.0rc2","1.13.1","1.13.2","1.13.3","1.13.4","1.13.5","1.14.0","1.14.0rc1","1.14.1","1.15.0","1.15.0rc1","1.15.1","1.15.2","1.15.3","1.15.4","1.15.5","1.16.0","1.16.0beta1","1.16.0beta2","1.16.0beta3","1.16.1","1.16.2","1.16.3","1.16.4","1.16.5","1.17.0","1.17.0beta1","1.17.0rc1","1.17.1","1.17.2","1.17.3","1.17.4","1.17.5","1.18.0","1.18.0beta1","1.18.0rc1","1.18.1","1.18.2","1.18.3","1.18.4","1.18.5","1.18.6","1.19.0","1.19.0beta1","1.19.0beta2","1.19.0rc1","1.19.1","1.19.10","1.19.11","1.19.12","1.19.13","1.19.14","1.19.15","1.19.16","1.19.17","1.19.18","1.19.19","1.19.2","1.19.20","1.19.21","1.19.22","1.19.23","1.19.24","1.19.3","1.19.4","1.19.5","1.19.6","1.19.7","1.19.8","1.19.9","1.2.0","1.2.0rc1","1.2.0rc2","1.2.0rc3","1.2.1","1.2.2","1.2.3","1.2.4","1.2.5","1.2.6","1.20.0","1.20.0rc1","1.20.0rc2","1.20.1","1.20.2","1.20.3","1.20.4","1.20.5","1.20.6","1.20.7","1.20.8","1.21.0","1.21.1","1.21.10","1.21.11","1.21.2","1.21.3","1.21.4","1.21.5","1.21.6","1.21.7","1.21.8","1.21.9","1.22.0","1.22.0rc-FINAL","1.22.0rc0","1.22.0rc1","1.22.0rc2","1.22.0rc3","1.22.1","1.22.10","1.22.11","1.22.12","1.22.13","1.22.14","1.22.15","1.22.2","1.22.3","1.22.4","1.22.5","1.22.6","1.22.7","1.22.8","1.22.9","1.23.0","1.23.0-rc.1","1.23.0-rc.2","1.23.0-rc.3","1.23.0rc0","1.23.1","1.23.10","1.23.11","1.23.12","1.23.13","1.23.14","1.23.15","1.23.16","1.23.17","1.23.2","1.23.3","1.23.4","1.23.5","1.23.6","1.23.7","1.23.8","1.23.9","1.24.0","1.24.0-rc.0","1.24.0-rc.1","1.24.0-rc.2","1.24.0-rc.3","1.24.1","1.24.2","1.24.3","1.24.4","1.24.5","1.24.6","1.25.0","1.25.0-rc.0","1.25.1","1.25.2","1.25.3","1.25.4","1.25.5","1.25.6","1.26.0","1.26.1","1.26.2","1.26.3","1.26.4","1.27.0","1.27.0-rc.0","1.27.0-rc.1","1.27.1","1.27.2","1.27.3","1.27.4","1.27.5","1.27.7","1.28.0","1.28.0-rc.0","1.28.0-rc.1","1.28.1","1.28.2","1.28.3","1.29.0","1.29.0-rc.0","1.29.0-rc.1","1.29.1","1.29.2","1.29.3","1.3.0","1.3.0beta1","1.3.0beta2","1.3.0beta3","1.3.0beta4","1.3.0beta4a","1.3.0beta5","1.3.0beta6","1.3.1","1.3.10","1.3.11","1.3.12","1.3.13","1.3.14","1.3.15","1.3.16","1.3.17","1.3.18","1.3.2","1.3.3","1.3.4","1.3.5","1.3.6","1.3.7","1.3.8","1.3.9","1.30.0","1.30.0-rc.0","1.30.1","1.31.0","1.31.0-rc.0","1.31.0-rc.1","1.31.0-rc.2","1.31.1","1.32.0","1.32.0-rc.0","1.32.0-rc.1","1.32.0-rc.2","1.32.1","1.33.0","1.33.0-rc.0","1.33.1","1.33.2","1.33.3","1.33.4","1.34.0","1.34.0-rc.0","1.34.0-rc.1","1.34.1","1.34.2","1.34.3","1.34.4","1.35.0","1.35.0-rc.0","1.35.0-rc.1","1.35.0-rc.2","1.35.0-rc.3","1.35.1","1.35.10","1.35.11","1.35.12","1.35.13","1.35.14","1.35.2","1.35.3","1.35.4","1.35.5","1.35.6","1.35.7","1.35.8","1.35.9","1.36.0","1.36.0-rc.0","1.36.1","1.36.2","1.36.3","1.36.4","1.37.0","1.37.0-rc.0","1.37.0-rc.1","1.37.0-rc.2","1.37.1","1.37.2","1.37.3","1.37.4","1.37.5","1.37.6","1.38.0","1.38.0-rc.0","1.38.0-rc.1","1.38.1","1.38.2","1.38.3","1.38.4","1.38.5","1.38.6","1.38.7","1.39.0","1.39.0-rc.0","1.39.0-rc.1","1.39.1","1.39.10","1.39.11","1.39.12","1.39.13","1.39.14","1.39.15","1.39.16","1.39.17","1.39.2","1.39.3","1.39.4","1.39.5","1.39.6","1.39.7","1.39.8","1.39.9","1.4.0","1.4.0beta","1.4.0beta1","1.4.0beta2","1.4.0beta4","1.4.0beta5","1.4.0beta6","1.4.0rc1","1.4.1","1.4.10","1.4.11","1.4.12","1.4.13","1.4.14","1.4.15","1.4.2","1.4.3","1.4.4","1.4.5","1.4.6","1.4.7","1.4.8","1.4.9","1.40.0","1.40.0-rc.0","1.40.1","1.40.2","1.40.3","1.40.4","1.41.0","1.41.0-rc.0","1.41.1","1.41.2","1.41.3","1.41.4","1.41.5","1.42.0","1.42.0-rc.0","1.42.1","1.42.2","1.42.3","1.42.4","1.42.5","1.42.6","1.42.7","1.43.0","1.43.0-rc.0","1.43.1","1.43.2","1.43.3","1.43.4","1.43.5","1.43.6","1.43.7","1.43.8","1.44.0","1.44.0-rc.0","1.44.1","1.44.2","1.44.3","1.44.4","1.44.5","1.45.0","1.45.0-rc.0","1.45.1","1.45.2","1.45.3","1.5.0","1.5.0alpha1","1.5.0alpha2","1.5.0beta1","1.5.0beta2","1.5.0beta3","1.5.0beta4","1.5.0rc1","1.5.0rc2","1.5.1","1.5.2","1.5.3","1.5.4","1.5.5","1.5.6","1.5.7","1.5.8","1.6.0","1.6.1","1.6.10","1.6.11","1.6.12","1.6.2","1.6.3","1.6.4","1.6.5","1.6.6","1.6.7","1.6.8","1.6.9","1.7.0","1.7.1","1.7.2","1.7.3","1.8.0","1.8.1","1.8.2","1.8.3","1.8.4","1.9.0","1.9.0rc1","1.9.0rc2","1.9.1","1.9.2","1.9.3","1.9.4","1.9.5","REL1_23","REL1_25","REL1_26","REL1_27","REL1_28","REL1_29","REL1_33","REL1_34","REL1_35","REL1_36","REL1_37","REL1_38","fundraising/REL1_27","fundraising/REL1_35"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-12470.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"9.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}]}