CVE-2021-44854

MEDIUM

MediaWiki <1.35.5-1.37.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis.

References (2)

Core 2
Core References
Issue Tracking, Vendor Advisory
https://phabricator.wikimedia.org/T292763

Scores

CVSS v3 5.3
EPSS 0.0022
EPSS Percentile 44.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-524
Status published
Products (2)
mediawiki/mediawiki 1.37.0 (4 CPE variants)
mediawiki/mediawiki < 1.35.5
Published Dec 26, 2022
Tracked Since Feb 18, 2026