Description
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts (which are supposed to be completely hidden).
Remediation
References
Related Vulnerabilities
PHP Permissions, Privileges, and Access Controls Vulnerability (CVE-2011-2202)
WordPress Plugin Loco Translate PHP Code Injection (2.5.3)
MySQL CVE-2017-3646 Vulnerability (CVE-2017-3646)
WordPress Plugin Alphabetic Pagination Security Bypass (3.0.7)
WordPress Plugin YaySMTP-Simple WP SMTP Mail Information Disclosure (2.2)