An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9, 1.40.x and 1.41.x before 1.41.3, and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter.
| Package (Ecosystem) | Introduced | Fixed | Limit |
|---|---|---|---|
| mediawiki/abuse-filter(Packagist) | 0 | 1.39.9 | N/A |
| mediawiki/abuse-filter(Packagist) | 1.40.0 | 1.41.3 | N/A |
| mediawiki/abuse-filter(Packagist) | 1.42.0 | 1.42.2 | N/A |
CVSS Metrics
