CVE-2021-31547
CVSS 3.1: 4.3 (MEDIUM)
EPSS: 0.17%
Description
An issue was discovered in the AbuseFilter extension for MediaWiki through 1.35.2. Its AbuseFilterCheckMatch API reveals suppressed edits and usernames to unprivileged users through the iteration of crafted AbuseFilter rules.
How to fix CVE-2021-31547
To remediate CVE-2021-31547, upgrade the affected package to a fixed version listed below.
- Bitnami/mediawiki: upgrade to 1.35.3 or later
Is CVE-2021-31547 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.35.3
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM 4.3 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |