PT-2020-9834 · Mediawiki · Mediawiki Abusefilter Extension

Published: 2020-03-20 · Updated: 2021-07-21 · CVE-2019-16528

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions: MediaWiki AbuseFilter extension versions REL1_32 through REL1_33

Description: An issue in the AbuseFilter extension for MediaWiki allows attackers to obtain sensitive information, such as deleted or suppressed usernames and summaries, from AbuseLog revision data through the includes/special/SpecialAbuseLog.php file.

Recommendations: For versions REL1_32 and REL1_33, consider restricting access to the SpecialAbuseLog.php file until a patch is available. As a temporary workaround, avoid using the affected AbuseLog revision data in the includes/special/SpecialAbuseLog.php file until the issue is resolved.

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

CVE-2019-16528

Affected Products

Mediawiki Abusefilter Extension