CVE-2015-8004
EPSS 0.16%
Description
MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3 does not properly restrict access to revisions, which allows remote authenticated users with the viewsuppressed user right to remove revision suppressions via a crafted revisiondelete action, which returns a valid change form.
How to fix CVE-2015-8004
To remediate CVE-2015-8004, upgrade the affected package to a fixed version listed below.
- Debian/mediawiki—upgrade to 1:1.25.5-1 or later
Is CVE-2015-8004 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1:1.25.5-1