CVE-2021-31549

CVSS v3.1

4.3

Medium

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions MediaWiki versions through 1.35.2 AbuseFilter extension for MediaWiki through 1.35.2

Description An issue in the AbuseFilter extension for MediaWiki allows the disclosure of suppressed MediaWiki usernames to unprivileged users through the Special:AbuseFilter/examine form.

Recommendations For MediaWiki versions through 1.35.2, update to a version that contains a fix for this issue. For the AbuseFilter extension, restrict access to the Special:AbuseFilter/examine form until a patch is available.

Fix

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200

Related Identifiers

ALT-PU-2021-1991

ALT-PU-2021-2091

BIT-MEDIAWIKI-2021-31549

CVE-2021-31549

Affected Products

Alt Linux

Abusefilter Extension

Mediawiki

CVE-2021-31549

Weakness Enumeration

Related Identifiers

Affected Products

References · 6