Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-31547

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules.

Published

2021-04-22T03:15:08.000

Last Modified

2024-11-21T06:05:53.273

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:S/C:P/I:N/A:N

Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

8.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-200

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mediawiki	mediawiki	≤ 1.35.2	Yes

References

https://gerrit.wikimedia.org/r/q/I3f7dbd8b873d411e37c8c3aac2339bf5ec36907d Issue Tracking, Third Party Advisory ([email protected])
https://gerrit.wikimedia.org/r/q/I4900b1be73323599d74e3164447f81eded094d75 Issue Tracking, Third Party Advisory ([email protected])
https://phabricator.wikimedia.org/T223654 Third Party Advisory ([email protected])
https://gerrit.wikimedia.org/r/q/I3f7dbd8b873d411e37c8c3aac2339bf5ec36907d Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://gerrit.wikimedia.org/r/q/I4900b1be73323599d74e3164447f81eded094d75 Issue Tracking, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://phabricator.wikimedia.org/T223654 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)