Description

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules.

Remediation

References

CVE-2021-31547

Related Vulnerabilities

IBM RTC Inadequate Encryption Strength Vulnerability (CVE-2020-4965)

MySQL CVE-2021-2070 Vulnerability (CVE-2021-2070)

Apache HTTP Server CVE-2016-8743 Vulnerability (CVE-2016-8743)

Python Missing Initialization of Resource Vulnerability (CVE-2018-14647)

Joomla Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2022-27913)

Severity

Medium

Classification

CVE-2021-31547 CWE-668 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

Tags

Missing Update Known Vulnerabilities