MediaWiki Exposure of Resource to Wrong Sphere Vulnerability - CVE-2021-30153

An issue was discovered in the VisualEditor extension in MediaWiki before 1.31.13 and 1.32.x through 1.35.x before 1.35.2. . When using VisualEditor to edit a MediaWiki user page belonging to an existing but hidden user VisualEditor will disclose that the user exists. (It shouldn39t because they are hidden.) This is related to ApiVisualEditor.