vulnerability

Debian: CVE-2020-35477: mediawiki -- security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
5	(AV:N/AC:L/Au:N/C:N/I:P/A:N)	Dec 18, 2020	Dec 21, 2020	Dec 29, 2020

Severity

CVSS

(AV:N/AC:L/Au:N/C:N/I:P/A:N)

Published

Dec 18, 2020

Added

Dec 21, 2020

Modified

Dec 29, 2020

Description

MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox (or a tags checkbox) next to it, there is a redirection to the main page's action=historysubmit (instead of the desired behavior in which a revision-deletion form appears).

Solution

debian-upgrade-mediawiki

References

CVE-2020-35477
https://attackerkb.com/topics/CVE-2020-35477
DEBIAN-DSA-4816
DEBIAN-DSA-4816-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today