Vulnerabilities > CVE-2021-36127 - Insecure Storage of Sensitive Information vulnerability in Mediawiki

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
LOW
Confidentiality impact
LOW
Integrity impact
NONE
Availability impact
NONE
network
low complexity
mediawiki
CWE-922

Summary

An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts (which are supposed to be completely hidden).

Vulnerable Configurations

Part Description Count
Application
Mediawiki
387

Common Weakness Enumeration (CWE)