MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox (or a tags checkbox) next to it, there is a redirection to the main page's action=historysubmit (instead of the desired behavior in which a revision-deletion form appears).
References
Link | Resource |
---|---|
https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/ | |
https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html | Mailing List Release Notes Vendor Advisory |
https://phabricator.wikimedia.org/T205908 | Exploit Issue Tracking Third Party Advisory |
https://www.debian.org/security/2020/dsa-4816 | Third Party Advisory |
Configurations
History
08 Apr 2022, 14:20
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-670 | |
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/ - Mailing List, Third Party Advisory | |
References | (MISC) https://phabricator.wikimedia.org/T205908 - Exploit, Issue Tracking, Third Party Advisory |
Information
Published : 2020-12-18 08:15
Updated : 2024-02-04 21:23
NVD link : CVE-2020-35477
Mitre link : CVE-2020-35477
CVE.ORG link : CVE-2020-35477
JSON object : View
Products Affected
debian
- debian_linux
fedoraproject
- fedora
mediawiki
- mediawiki
CWE
CWE-670
Always-Incorrect Control Flow Implementation