CVE-2016-6332

Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.23.15 MediaWiki versions 1.26.x prior to 1.26.4 MediaWiki versions 1.27.x prior to 1.27.1

Description The issue might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked, specifically when the $wgBlockDisablesLogin variable is set to true.

Recommendations For MediaWiki versions prior to 1.23.15, update to version 1.23.15 or later. For MediaWiki versions 1.26.x prior to 1.26.4, update to version 1.26.4 or later. For MediaWiki versions 1.27.x prior to 1.27.1, update to version 1.27.1 or later.