Headline
CVE-2021-44854: Rest API incorrectly publicly caches results from private wikis
An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1. The REST API publicly caches results from private wikis.
Risk Rating: Low
Author Affiliation: Wikimedia Communities
Event Timeline
Restricted Application added a subscriber: Aklapper.
sbassett changed Author Affiliation from N/A to Wikimedia Communities.
sbassett changed Risk Rating from N/A to Low.
Reedy renamed this task from Private wikis with new vector return autocomplete search results to Rest API incorrectly publicly caches results from private wikis.
Reedy renamed this task from Rest API incorrectly publicly caches results from private wikis to CVE-2021-44854: Rest API incorrectly publicly caches results from private wikis.
Related news
Gentoo Linux Security Advisory 202305-24 - Multiple vulnerabilities have been found in MediaWiki, the worst of which could result in denial of service. Versions greater than or equal to 1.25.2 are affected.