CVE-2022-41766

Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.35.8 MediaWiki versions 1.36.x through 1.37.4 MediaWiki versions 1.38.x through 1.38.2

Description An issue was discovered in MediaWiki where the alreadyrolled message can leak a user name upon an action=rollback operation, specifically when the user has been revision deleted or suppressed.

Recommendations For MediaWiki versions prior to 1.35.8, update to version 1.35.8 or later. For MediaWiki versions 1.36.x through 1.37.4, update to version 1.37.5 or later. For MediaWiki versions 1.38.x through 1.38.2, update to version 1.38.3 or later.