Vulnerabilities > CVE-2021-36127 - Insecure Storage of Sensitive Information vulnerability in Mediawiki

047910
CVSS 4.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
SINGLE
Confidentiality impact
PARTIAL
Integrity impact
NONE
Availability impact
NONE
network
low complexity
mediawiki
CWE-922
NVD
Published: 2021-07-02
Updated: 2021-07-07

Summary

An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts (which are supposed to be completely hidden).

Vulnerable Configurations

Part Description Count
Application
Mediawiki
379

Common Weakness Enumeration (CWE)

References