3 matches found
CVE-2021-35197
In MediaWiki before 1.31.15, 1.32.x through 1.35.x before 1.35.3, and 1.36.x before 1.36.1, bots have certain unintended API access. When a bot account has a "sitewide block" applied, it is able to still "purge" pages through the MediaWiki Action API which a "sitewide block" should have prevented...
[ASA-202107-7] mediawiki: access restriction bypass
Arch Linux Security Advisory ASA-202107-7 ========================================= Severity: Medium Date : 2021-07-01 CVE-ID : CVE-2021-35197 Package : mediawiki Type : access restriction bypass Remote : Yes Link : https://security.archlinux.org/AVG-2093 Summary ======= The package mediawiki...
PT-2021-6527 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions 1.31.15 and earlier MediaWiki versions 1.32.x through 1.35.x before 1.35.3 MediaWiki versions 1.36.x before 1.36.1 Description: The issue concerns unintended API access for bots in MediaWiki. When a bot account has a...