CVE-2024-40598

Name of the Vulnerable Software and Affected Versions MediaWiki CheckUser extension versions through 1.42.1

Description An issue was discovered in the CheckUser extension for MediaWiki. The API can expose suppressed information for log events, as the log deleted attribute is not applied to entries.

Recommendations For versions through 1.42.1, consider restricting access to the API until a patch is available. As a temporary workaround, avoid using the API for log events to minimize the risk of exposing suppressed information. At the moment, there is no information about a newer version that contains a fix for this vulnerability.