PT-2021-19417 · Mediawiki+1 · Mediawiki+2

Suffusion_Of_Yellow

Published

2021-04-22

Updated

2024-03-06

CVE-2021-31547

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions MediaWiki versions through 1.35.2 AbuseFilter extension for MediaWiki through 1.35.2

Description An issue in the AbuseFilter extension for MediaWiki reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules, specifically through the AbuseFilterCheckMatch API.

Recommendations For MediaWiki versions through 1.35.2, update to a version that contains a fix for this issue. For the AbuseFilter extension, consider temporarily disabling the AbuseFilterCheckMatch API until a patch is available.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2021-1991

ALT-PU-2021-2091

BIT-MEDIAWIKI-2021-31547

CVE-2021-31547

Affected Products

Alt Linux

Abusefilter Extension

Mediawiki

PT-2021-19417 · Mediawiki+1 · Mediawiki+2

CVE-2021-31547

Weakness Enumeration

Related Identifiers

Affected Products

References · 6