An issue was discovered in MediaWiki before 1.35.9, 1.36.x through 1.38.x before 1.38.5, and 1.39.x before 1.39.1. When installing with a pre-existing data directory that has weak permissions, the SQLite files are created with file mode 0644, i.e., world readable to local users. These files include credentials data.
Created mediawiki tracking bugs for this issue:
Affects: fedora-all [bug 2160626]
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):