MediaWiki prior to 1.23.11, 1.24.x prior to 1.24.4, and 1.25.x prior to 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to remove revision suppressions via a crafted revisiondelete action, which returns a valid a change form.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mediawiki mediawiki |
||
mediawiki mediawiki 1.24.0 |
||
mediawiki mediawiki 1.24.2 |
||
mediawiki mediawiki 1.24.1 |
||
mediawiki mediawiki 1.24.3 |
||
mediawiki mediawiki 1.25.0 |
||
mediawiki mediawiki 1.25.1 |
||
mediawiki mediawiki 1.25.2 |