Multichill

**Name of the Vulnerable Software and Affected Versions** MediaWiki versions prior to 1.23.15 MediaWiki versions 1.26.x prior to 1.26.4 MediaWiki versions 1.27.x prior to 1.27.1 **Description** The issue might allow remote attackers to obtain sensitive information by leveraging failure to terminate sessions when a user account is blocked, specifically when the `$wgBlockDisablesLogin` variable is set to true. **Recommendations** For MediaWiki versions prior to 1.23.15, update to version 1.23.15 or later. For MediaWiki versions 1.26.x prior to 1.26.4, update to version 1.26.4 or later. For MediaWiki versions 1.27.x prior to 1.27.1, update to version 1.27.1 or later.