Description
An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The Special:Investigate feature can expose suppressed information for log events. (TimelineService does not support properly suppressing.)
Remediation
References
Related Vulnerabilities
TYPO3 Files or Directories Accessible to External Parties Vulnerability (CVE-2021-21355)
Moodle URL Redirection to Untrusted Site ('Open Redirect') Vulnerability (CVE-2019-10133)
WordPress Plugin Real3D FlipBook Multiple Vulnerabilities (2.18.8)
Drupal Core 8.9.x Multiple Cross-Site Scripting Vulnerabilities (8.9.0 - 8.9.5)