Your submission was sent successfully! Close

CVE-2021-44858

Published: 20 December 2021

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=edit&undo= followed by action=mcrundo and action=mcrrestore to view private pages on a private wiki that has at least one page set in $wgWhitelistRead.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
mediawiki
Launchpad, Ubuntu, Debian
bionic Needed

focal Needed

hirsute Ignored
(reached end-of-life)
impish Needed

jammy Not vulnerable
(1:1.35.5-1)
trusty Ignored
(out of standard support)
upstream
Released (1:1.35.5-1)
xenial Does not exist