First published: Thu Apr 22 2021(Updated: )
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly logged sensitive suppression deletions, which should not have been visible to users with access to view AbuseFilter log data.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Wikimedia MediaWiki | <=1.35.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2021-31546 is classified as a medium severity vulnerability due to its impact on the visibility of sensitive information.
To fix CVE-2021-31546, update your MediaWiki software to version 1.35.3 or later.
CVE-2021-31546 affects MediaWiki versions up to and including 1.35.2.
CVE-2021-31546 incorrectly logs sensitive suppression deletions that should remain confidential.
Users with access to the AbuseFilter log data are at risk due to the visibility of sensitive information.