First published: Mon Nov 09 2015
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to remove revision suppressions via a crafted revisiondelete action, which returns a valid change form.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
MediaWiki MediaWiki | <=1.23.10 | |
MediaWiki MediaWiki | =1.24.0 | |
MediaWiki MediaWiki | =1.24.1 | |
MediaWiki MediaWiki | =1.24.2 | |
MediaWiki MediaWiki | =1.24.3 | |
MediaWiki MediaWiki | =1.25.0 | |
MediaWiki MediaWiki | =1.25.1 | |
MediaWiki MediaWiki | =1.25.2 | |