CVE-2021-31546

low-risk

Published 2021-04-22

An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. It incorrectly logged sensitive suppression deletions, which should not have been visible to users with access to view AbuseFilter log data.

Do I need to act?

0.11% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.3/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Mediawiki

Affected Vendors

Mediawiki

References (4)

Issue Tracking https://gerrit.wikimedia.org/r/q/I38a0a24fa32ca7a052b6940864a32b3856e84553

Third Party Advisory https://phabricator.wikimedia.org/T71617

Issue Tracking https://gerrit.wikimedia.org/r/q/I38a0a24fa32ca7a052b6940864a32b3856e84553

Third Party Advisory https://phabricator.wikimedia.org/T71617

/ 100

low-risk

Severity 18/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal