CVE-2021-30158 log

Source
Severity Low
Remote Yes
Type Incorrect calculation
Description
An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party.
Group Package Affected Fixed Severity Status Ticket
AVG-1775 mediawiki 1.35.1-2 1.35.2-1 Medium Fixed
References
https://phabricator.wikimedia.org/T277009
https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/191e391d32313aade6d251302ffe686de364d4ec%5E%21/