CVE-2021-35197 log

Source
Severity Medium
Remote Yes
Type Access restriction bypass
Description
A security issue has been found in MediaWiki before version 1.36.1 that allows blocked users to purge pages.
Group Package Affected Fixed Severity Status Ticket
AVG-2093 mediawiki 1.36.0-1 1.36.1-1 Medium Fixed
Date Advisory Group Package Severity Type
01 Jul 2021 ASA-202107-7 AVG-2093 mediawiki Medium access restriction bypass
References
https://lists.wikimedia.org/hyperkitty/list/mediawiki-announce@lists.wikimedia.org/thread/YR3X4L2CPSEJVSY543AWEO65TD6APXHP/
https://phabricator.wikimedia.org/T280226
https://gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/7fc84bbd23c1205e13c7a8332ab39e6ff52ca107%5E%21/