PT-2024-32888 · Mediawiki+2 · Mediawiki Abusefilter Extension+2
Dom_Walden · Published 2024-10-04 · Updated 2025-10-06
CVE-2024-47913
CVSS v3.1: 5.3 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Name of the Vulnerable Software and Affected Versions
MediaWiki AbuseFilter extension versions prior to 1.39.9
MediaWiki AbuseFilter extension versions 1.40.x
MediaWiki AbuseFilter extension versions 1.41.x prior to 1.41.3
MediaWiki AbuseFilter extension versions 1.42.x prior to 1.42.2
Description
An issue was discovered in the AbuseFilter extension for MediaWiki. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter.
Recommendations
For versions prior to 1.39.9, update to version 1.39.9 or later.
For versions 1.40.x, update to version 1.41.3 or later.
For versions 1.41.x prior to 1.41.3, update to version 1.41.3 or later.
For versions 1.42.x prior to 1.42.2, update to version 1.42.2 or later.
Fix
Insertion into Log File
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Mediawiki Abusefilter Extension
Red Os