Description
An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Previously hidden (restricted) AbuseFilter filters were viewable (or their differences were viewable) to unprivileged users, thus disclosing potentially sensitive information.
References (2)
Core 2
Core References
Patch, Vendor Advisory x_refsource_misc
https://phabricator.wikimedia.org/T104807
Patch, Vendor Advisory x_refsource_misc
https://gerrit.wikimedia.org/r/q/Ie23e8234ae550273bf3f6f9c5ac45b7fc54eec2a
Scores
CVSS v3
5.3
EPSS
0.0032
EPSS Percentile
54.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-200
Status
published
Products (1)
mediawiki/abusefilter
< 1.34
Published
Oct 29, 2019
Tracked Since
Feb 18, 2026