CVE-2015-8004

MediaWiki < 1.23.11, 1.24.x < 1.24.4, 1.25.x < 1.25.3 - Info Disclosure

Title source: llm

Description

MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to remove revision suppressions via a crafted revisiondelete action, which returns a valid change form.

References (3)

Core References
Vendor Advisory x_refsource_confirm
https://phabricator.wikimedia.org/T95589
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1034028
Patch, Vendor Advisory mailing-list x_refsource_mlist
https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-October/000181.html

Scores

EPSS 0.0016
EPSS Percentile 36.4%

Details

CWE
CWE-264
Status published
Products (8)
mediawiki/mediawiki 1.24.0
mediawiki/mediawiki 1.24.1
mediawiki/mediawiki 1.24.2
mediawiki/mediawiki 1.24.3
mediawiki/mediawiki 1.25.0
mediawiki/mediawiki 1.25.1
mediawiki/mediawiki 1.25.2
mediawiki/mediawiki < 1.23.10
Published Nov 09, 2015
Tracked Since Feb 18, 2026