Description

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules.

Remediation

References

CVE-2021-31547

Related Vulnerabilities

Apache HTTP Server Uncontrolled Resource Consumption Vulnerability (CVE-2023-45802)

WordPress 4.9.x Denial of Service Vulnerability (4.9 - 4.9.4)

MediaWiki Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') Vulnerability (CVE-2015-2931)

Plone CMS Improper Input Validation Vulnerability (CVE-2011-4462)

WordPress Plugin WP Coder-add custom html, css and js code Cross-Site Request Forgery (2.5.1)

Severity

Medium

Classification

CVE-2021-31547 CWE-668 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities