Home
Packages
Forums
Wiki
GitLab
Security
AUR
Download

issues
advisories
todo
stats
log
login

CVE-2020-35477 - log back

CVE-2020-35477 edited at 18 Dec 2020 13:45:08

Severity

-	Unknown
+	Low

Remote

-	Unknown
+	Remote

Type

-	Unknown
+	Information disclosure

Description

+

MediaWiki before 1.35.1 blocks legitimate attempts to hide log entries in some situations. If one sets MediaWiki:Mainpage to Special:MyLanguage/Main Page, visits a log entry on Special:Log, and toggles the "Change visibility of selected log entries" checkbox (or a tags checkbox) next to it, there is a redirection to the main page's action=historysubmit (instead of the desired behavior in which a revision-deletion form appears).

References

+	https://phabricator.wikimedia.org/T205908
+	https://github.com/wikimedia/mediawiki/commit/ac7aa53532bab782c7453e302d20e8a0712c8395

Notes

CVE-2020-35477 created at 18 Dec 2020 13:31:11