Description

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly logged sensitive suppression deletions, which should not have been visible to users with access to view AbuseFilter log data.

Remediation

References

CVE-2021-31546

Related Vulnerabilities

WordPress Plugin ProfileGrid-User Profiles, Groups and Communities Unspecified Vulnerability (2.6.4)

WebLogic CVE-2020-2867 Vulnerability (CVE-2020-2867)

XWiki Improper Control of Generation of Code ('Code Injection') Vulnerability (CVE-2023-29210)

Atlassian Jira CVE-2019-11583 Vulnerability (CVE-2019-11583)

WordPress Plugin Toolset Types-Custom Post Types, Custom Fields and Taxonomies Multiple Unspecified Vulnerabilities (2.2.2)

Severity

Medium

Classification

CVE-2021-31546 CWE-200 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities