MediaWiki Incorrect Default Permissions Vulnerability - CVE-2021-44858 - Vulnerability Database

MediaWiki Incorrect Default Permissions Vulnerability - CVE-2021-44858

High

Reference: CVE-2021-44858

NVD Link: https://nvd.nist.gov/vuln/detail/CVE-2021-44858

Title: MediaWiki Incorrect Default Permissions Vulnerability

Overview:

An issue was discovered in MediaWiki before 1.35.5 1.36.x before 1.36.3 and 1.37.x before 1.37.1. It is possible to use actioneditampundo followed by actionmcrundo and actionmcrrestore to view private pages on a private wiki that has at least one page set in wgWhitelistRead.