CVE-2021-31547

Published: Apr 22, 2021Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules.

Affected (1)

Products: Mediawiki: Mediawiki

Mediawiki

1 product

Mediawiki

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Mediawiki Mediawiki	Up to 1.35.2

Related CWEs

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.

References (6)

https://gerrit.wikimedia.org/r/q/I3f7dbd8b873d411e37c8c3aac2339bf5ec36907d

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://gerrit.wikimedia.org/r/q/I4900b1be73323599d74e3164447f81eded094d75

Source: cve@mitre.org

Issue TrackingThird Party Advisory

https://phabricator.wikimedia.org/T223654

Source: cve@mitre.org

Third Party Advisory

https://gerrit.wikimedia.org/r/q/I3f7dbd8b873d411e37c8c3aac2339bf5ec36907d

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://gerrit.wikimedia.org/r/q/I4900b1be73323599d74e3164447f81eded094d75

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingThird Party Advisory

https://phabricator.wikimedia.org/T223654

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.