Description

An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. (The log_deleted attribute is not applied to entries.)

Remediation

References

CVE-2024-40598

Related Vulnerabilities

WordPress Plugin Subscribe2 Multiple Cross-Site Scripting Vulnerabilities (8.1)

WordPress Plugin File Manager Unspecified Vulnerability (2.2.0)

WordPress Plugin Flog Server-Side Request Forgery (1.0beta3)

WordPress Plugin Gallery for Social Photo Cross-Site Request Forgery (1.0.0.27)

WordPress Plugin Fancy Product Designer-WooCommerce Cross-Site Scripting (4.5.0)

Severity

Medium

Classification

CVE-2024-40598 CWE-532 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities