MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox (or a tags checkbox) next to it, there is a redirection to the main page's action=historysubmit (instead of the desired behavior in which a revision-deletion form appears).
References
Link | Resource |
---|---|
https://lists.debian.org/debian-lts-announce/2020/12/msg00034.html | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/ | |
https://lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html | Mailing List Release Notes Vendor Advisory |
https://phabricator.wikimedia.org/T205908 | Exploit Issue Tracking Third Party Advisory |
https://www.debian.org/security/2020/dsa-4816 | Third Party Advisory |
Configurations
History
07 Nov 2023, 03:21
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
08 Apr 2022, 14:20
Type | Values Removed | Values Added |
---|---|---|
First Time |
Fedoraproject fedora
Fedoraproject |
|
CPE | cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/ - Mailing List, Third Party Advisory | |
References | (MISC) https://phabricator.wikimedia.org/T205908 - Exploit, Issue Tracking, Third Party Advisory | |
CWE | CWE-670 |
Information
Published : 2020-12-18 08:15
Updated : 2023-12-10 13:41
NVD link : CVE-2020-35477
Mitre link : CVE-2020-35477
CVE.ORG link : CVE-2020-35477
JSON object : View
Products Affected
fedoraproject
- fedora
debian
- debian_linux
mediawiki
- mediawiki
CWE
CWE-670
Always-Incorrect Control Flow Implementation