CVE-2021-31546

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly logged sensitive suppression deletions, which should not have been visible to users with access to view AbuseFilter log data.

Published: Apr 22, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-31546
Severity: Low
Exploit:

CVSS v3:

Severity: Low
Score: 4.3
AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:P/I:N/A:N

CWEs:

CWE-532

Affected Software
References

Software	From	Fixed in
mediawiki / mediawiki	-	1.35.2.x

https://gerrit.wikimedia.org/r/q/I38a0a24fa32ca7a052b6940864a32b3856e84553
https://phabricator.wikimedia.org/T71617

Vulnerability Database

290,206

CVE-2021-31546