Description
An issue was discovered in DifferenceEngine.php in MediaWiki before 1.35.12, 1.36.x through 1.39.x before 1.39.5, and 1.40.x before 1.40.1. diff-multi-sameuser (aka "X intermediate revisions by the same user not shown") ignores username suppression. This is an information leak.
Remediation
References
Related Vulnerabilities
Squid NULL Pointer Dereference Vulnerability (CVE-2018-1172)
Resin Application Server Improper Input Validation Vulnerability (CVE-2012-2965)
WordPress Plugin uCare-Support Ticket System Cross-Site Scripting (1.2.1)
ownCloud Incorrect Authorization Vulnerability (CVE-2021-35949)
EspoCRM Unrestricted Upload of File with Dangerous Type Vulnerability (CVE-2023-5966)