Description
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts (which are supposed to be completely hidden).
Remediation
References
Related Vulnerabilities
PHP Other Vulnerability (CVE-2006-1017)
Joomla Permissions, Privileges, and Access Controls Vulnerability (CVE-2012-1611)
WordPress 4.8.x Multiple Vulnerabilities (4.8 - 4.8.11)
MySQL CVE-2020-14870 Vulnerability (CVE-2020-14870)
WordPress Plugin WHOIS 'domain' Parameter Cross-Site Scripting (1.4.2.2)