1948643 – (CVE-2021-30156) CVE-2021-30156 mediawiki: Special:Contributions toolbar reveals existence of hidden users

Bug 1948643 (CVE-2021-30156) - CVE-2021-30156 mediawiki: Special:Contributions toolbar reveals existence of hidden users

Summary: CVE-2021-30156 mediawiki: Special:Contributions toolbar reveals existence of ...

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2021-30156
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	1947340 1948644
Blocks:	1948646
TreeView+	depends on / blocked

Reported:	2021-04-12 16:43 UTC by Guilherme de Almeida Suckevicz
Modified:	2021-10-28 08:51 UTC (History)
CC List:	11 users (show)
Fixed In Version:	mediawiki 1.31.12, mediawiki 1.35.2
Doc Type:	If docs needed, set a value
Doc Text:	In mediawiki package, the "Special:Contributions" functionality can leak information that a "hidden" user exists.
Clone Of:
Environment:
Last Closed:	2021-10-28 08:51:11 UTC
Embargoed:

Attachments	(Terms of Use)

Description Guilherme de Almeida Suckevicz 2021-04-12 16:43:25 UTC

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a "hidden" user exists.

Reference:
https://phabricator.wikimedia.org/T276306

Comment 1 Guilherme de Almeida Suckevicz 2021-04-12 16:45:27 UTC

Created mediawiki tracking bugs for this issue:

Affects: fedora-all [bug 1948644]

Comment 3 Przemyslaw Roguski 2021-04-13 11:27:04 UTC

Statement:

The mediawiki package was removed from OpenShift Container Platform (OCP) in version 4.3, therefore for OCP 4 has been marked as out of support scope.

Note You need to log in before you can comment on or make changes to this bug.