---

CVE-2021-30158 - log back

CVE-2021-30158 edited at 06 Apr 2021 09:03:59
Severity	- Unknown + Low
Remote	- Unknown + Remote
Type	- Unknown + Incorrect calculation
Description	+ An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Blocked users are unable to use Special:ResetTokens. This has security relevance because a blocked user might have accidentally shared a token, or might know that a token has been compromised, and yet is not able to block any potential future use of the token by an unauthorized party.
References	+ https://phabricator.wikimedia.org/T277009 + https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/191e391d32313aade6d251302ffe686de364d4ec%5E%21/
Notes

CVE-2021-30158 created at 06 Apr 2021 08:57:38