Vulnerability Description
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mediawiki | Mediawiki | <= 1.35.2 |
Related Weaknesses (CWE)
References
- https://gerrit.wikimedia.org/r/q/I3f7dbd8b873d411e37c8c3aac2339bf5ec36907dIssue TrackingThird Party Advisory
- https://gerrit.wikimedia.org/r/q/I4900b1be73323599d74e3164447f81eded094d75Issue TrackingThird Party Advisory
- https://phabricator.wikimedia.org/T223654Third Party Advisory
- https://gerrit.wikimedia.org/r/q/I3f7dbd8b873d411e37c8c3aac2339bf5ec36907dIssue TrackingThird Party Advisory
- https://gerrit.wikimedia.org/r/q/I4900b1be73323599d74e3164447f81eded094d75Issue TrackingThird Party Advisory
- https://phabricator.wikimedia.org/T223654Third Party Advisory
FAQ
What is CVE-2021-31547?
CVE-2021-31547 is a vulnerability with a CVSS score of 4.3 (MEDIUM). An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of c...
How severe is CVE-2021-31547?
CVE-2021-31547 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-31547?
Check the references section above for vendor advisories and patch information. Affected products include: Mediawiki Mediawiki.