Описание
An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter.
| Релиз | Статус | Примечание |
|---|---|---|
| devel | needs-triage | |
| esm-apps/bionic | needs-triage | |
| esm-apps/focal | needs-triage | |
| esm-apps/jammy | needs-triage | |
| esm-apps/noble | needs-triage | |
| focal | ignored | end of standard support, was needs-triage |
| jammy | needs-triage | |
| noble | needs-triage | |
| oracular | ignored | end of life, was needs-triage |
| plucky | needs-triage |
Показывать по
EPSS
5.3 Medium
CVSS3
Связанные уязвимости
An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter.
An issue was discovered in the AbuseFilter extension for MediaWiki bef ...
Improper permissions handling in MediaWiki AbuseFilter
Уязвимость расширения AbuseFilter программного средства для реализации гипертекстовой среды MediaWiki, связанная с раскрытием информации через регистрационные файлы, позволяющая нарушителю получить доступ к конфиденциальной информации
EPSS
5.3 Medium
CVSS3