Description
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party.
Remediation
References
Related Vulnerabilities
IBM RTC Exposure of Sensitive Information to an Unauthorized Actor Vulnerability (CVE-2016-6024)
WordPress Plugin Catchers Helpdesk and Ticket system for Support Cross-Site Scripting (2.6.7)
WordPress Plugin Easy PayPal Gift Certificate Multiple Vulnerabilities (1.2.3)
Oracle JRE CVE-2014-2412 Vulnerability (CVE-2014-2412)
Apache HTTP Server CVE-2010-0425 Vulnerability (CVE-2010-0425)