Description

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly logged sensitive suppression deletions, which should not have been visible to users with access to view AbuseFilter log data.

Remediation

References

CVE-2021-31546

Related Vulnerabilities

MySQL CVE-2019-2747 Vulnerability (CVE-2019-2747)

MediaWiki Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2012-1580)

WordPress Plugin Rate my Post-WP Rating System Cross-Site Scripting (3.3.8)

WordPress Plugin Woocommerce CSV importer Arbitrary File Deletion (3.3.6)

Drupal CVE-2020-13665 Vulnerability (CVE-2020-13665)

Severity

Medium

Classification

CVE-2021-31546 CWE-200 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Tags

Missing Update Known Vulnerabilities