CVE-2016-6337

Name of the Vulnerable Software and Affected Versions MediaWiki versions 1.27.x before 1.27.1

Description The issue might allow remote attackers to bypass intended session access restrictions. This is achieved by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.

Recommendations For MediaWiki versions 1.27.x before 1.27.1, update to version 1.27.1 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive areas of the application that rely on session access restrictions until the update can be applied.