Description

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules.

Remediation

References

CVE-2021-31547

Related Vulnerabilities

WordPress Plugin Embed Articles Multiple Vulnerabilities (7.0.3)

WordPress Plugin demon image annotation Cross-Site Request Forgery (4.7)

WordPress Plugin YITH Advanced Refund System for WooCommerce Security Bypass (1.0.10)

Oracle Database Server Other Vulnerability (CVE-2007-1442)

WordPress Plugin Ninja Forms with File Uploads Extension Arbitrary File Upload (3.3.0)

Severity

Medium

Classification

CVE-2021-31547 CWE-668 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities