An issue exists in MediaWiki prior to 1.35.8, 1.36.x and 1.37.x prior to 1.37.5, and 1.38.x prior to 1.38.3. Upon an action=rollback operation, the alreadyrolled message can leak a user name (when the user has been revision deleted/suppressed).
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mediawiki mediawiki |