CVE-2021-45038

Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.35.5 MediaWiki versions 1.36.x prior to 1.36.3 MediaWiki versions 1.37.x prior to 1.37.1

Description: An issue was discovered in MediaWiki. By using an action=rollback query, attackers can view private wiki contents.

Recommendations: For MediaWiki versions prior to 1.35.5, update to version 1.35.5 or later. For MediaWiki versions 1.36.x prior to 1.36.3, update to version 1.36.3 or later. For MediaWiki versions 1.37.x prior to 1.37.1, update to version 1.37.1 or later. As a temporary workaround, consider restricting access to the action=rollback query until a patch is available.