vulnerability

MediaWiki: Information Exposure Through Log Files (CVE-2021-31546)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	Apr 22, 2021	Apr 26, 2021	Mar 7, 2024

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Apr 22, 2021

Added

Apr 26, 2021

Modified

Mar 7, 2024

Description

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly logged sensitive suppression deletions, which should not have been visible to users with access to view AbuseFilter log data.

Solution

mediawiki-upgrade-latest

References

CVE-2021-31546
https://attackerkb.com/topics/CVE-2021-31546
URL-https://gerrit.wikimedia.org/r/q/I38a0a24fa32ca7a052b6940864a32b3856e84553
URL-https://phabricator.wikimedia.org/T71617

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today