A flaw was found in Mediawiki before 1.31.16, 1.35.4 and 1.36.2. An improper database query in ApiQueryBacklinks may lead to a full table scan leading to exposure of confidential information. References: https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/message/2IFS5CM2YV4VMSODPX3J2LFHKSEWVFV5/ https://phabricator.wikimedia.org/T290379
OSD affected/ooss.
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2021-41799
Created mediawiki tracking bugs for this issue: Affects: fedora-all [bug 2010201]