CVE-2021-44854

Name of the Vulnerable Software and Affected Versions MediaWiki versions prior to 1.35.5 MediaWiki versions 1.36.x prior to 1.36.3 MediaWiki versions 1.37.x prior to 1.37.1

Description An issue was discovered in the REST API of MediaWiki, which publicly caches results from private wikis, potentially leading to information disclosure. This could allow a remote attacker to gain unauthorized access to protected information.

Recommendations For MediaWiki versions prior to 1.35.5, update to version 1.35.5 or later. For MediaWiki versions 1.36.x prior to 1.36.3, update to version 1.36.3 or later. For MediaWiki versions 1.37.x prior to 1.37.1, update to version 1.37.1 or later. As a temporary workaround, consider disabling the REST API until a patch is available. Restrict access to private wikis to minimize the risk of exploitation.