An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=edit&undo= followed by action=mcrundo and action=mcrrestore to view private pages on a private wiki that has at least one page set in $wgWhitelistRead.
Advisories
Source ID Title
Debian DLA Debian DLA DLA-2847-1 mediawiki security update
Debian DSA Debian DSA DSA-5021-1 mediawiki security update
EUVD EUVD EUVD-2021-31661 An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. It is possible to use action=edit&undo= followed by action=mcrundo and action=mcrrestore to view private pages on a private wiki that has at least one page set in $wgWhitelistRead.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-04T04:32:13.331Z

Reserved: 2021-12-13T00:00:00

Link: CVE-2021-44858

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-12-20T09:15:06.770

Modified: 2024-11-21T06:31:37.320

Link: CVE-2021-44858

cve-icon Redhat

Severity : Important

Publid Date: 2021-12-16T00:00:00Z

Links: CVE-2021-44858 - Bugzilla

cve-icon OpenCVE Enrichment

No data.