An issue exists in includes/page/Article.php in MediaWiki 1.36.x up to and including 1.39.x prior to 1.39.5 and 1.40.x prior to 1.40.1. Deleted revision existence is leaked due to incorrect permissions being checked. This reveals that a given revision ID belonged to the given page title, and its timestamp, both of which are not supposed to be public information.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
mediawiki mediawiki 1.40.0 |
||
mediawiki mediawiki |
||
debian debian linux 11.0 |
||
debian debian linux 12.0 |