Description
An issue was discovered in the CheckUser extension for MediaWiki through 1.42.1. The API can expose suppressed information for log events. (The log_deleted attribute is not applied to entries.)
Remediation
References
Related Vulnerabilities
WordPress Plugin Acurax On Click Pop Under Multiple Unspecified Vulnerabilities (2.2.1)
Oracle Database Server CVE-2005-4884 Vulnerability (CVE-2005-4884)
WordPress Plugin Video Metabox Cross-Site Scripting (1.1)
IBM RTC Exposure of Resource to Wrong Sphere Vulnerability (CVE-2021-29701)
Oracle Database Server CVE-2020-2516 Vulnerability (CVE-2020-2516)