vulnerability

MediaWiki: Information Exposure (CVE-2021-31547)

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:L/Au:S/C:P/I:N/A:N)	Apr 22, 2021	Apr 26, 2021	Mar 7, 2024

Severity

CVSS

(AV:N/AC:L/Au:S/C:P/I:N/A:N)

Published

Apr 22, 2021

Added

Apr 26, 2021

Modified

Mar 7, 2024

Description

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules.

Solution

mediawiki-upgrade-latest

References

CVE-2021-31547
https://attackerkb.com/topics/CVE-2021-31547
URL-https://gerrit.wikimedia.org/r/q/I3f7dbd8b873d411e37c8c3aac2339bf5ec36907d
URL-https://gerrit.wikimedia.org/r/q/I4900b1be73323599d74e3164447f81eded094d75
URL-https://phabricator.wikimedia.org/T223654

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today