First published: Fri Jul 02 2021(Updated: )
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts (which are supposed to be completely hidden).
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
MediaWiki MediaWiki | <=1.36 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.