CVE-2020-35477 - log back

CVE-2020-35477 edited at 18 Dec 2020 13:45:08
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox (or a tags checkbox) next to it, there is a redirection to the main page's action=historysubmit (instead of the desired behavior in which a revision-deletion form appears).
References
+ https://phabricator.wikimedia.org/T205908
+ https://github.com/wikimedia/mediawiki/commit/ac7aa53532bab782c7453e302d20e8a0712c8395
Notes
CVE-2020-35477 created at 18 Dec 2020 13:31:11