Description

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. By using an action=rollback query, attackers can view private wiki contents.

Remediation

References

CVE-2021-45038

Related Vulnerabilities

WordPress Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2014-9033)

WebERP Incorrect Permission Assignment for Critical Resource Vulnerability (CVE-2018-20420)

WordPress Plugin BuddyStream Multiple Cross-Site Scripting Vulnerabilities (2.6.2)

Apache HTTP Server Other Vulnerability (CVE-2001-1072)

Cherokee Improper Restriction of Operations within the Bounds of a Memory Buffer Vulnerability (CVE-2019-20799)

Severity

Medium

Classification

CVE-2021-45038 CWE-200 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities