Description
An issue was discovered in MediaWiki before 1.35.8, 1.36.x and 1.37.x before 1.37.5, and 1.38.x before 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when the user has been revision deleted/suppressed).
Remediation
References
Related Vulnerabilities
WordPress Plugin FV Flowplayer Video Player SQL Injection (7.5.46.7212)
WordPress Plugin DM Albums Multiple File Deletion Vulnerabilities (2.1)
WordPress Plugin DX-Contribute Cross-Site Request Forgery (1.2.0)
IBM RTC CVE-2018-1694 Vulnerability (CVE-2018-1694)
MediaWiki Improper Access Control Vulnerability (CVE-2016-6331)