Mediawiki: >> Mediawiki >> 1.27.0 Security Vulnerabilities
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 does not generate head items in the context of a given title, which allows remote attackers to obtain sensitive information via a parse action to api.php.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-04-20
MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.
CVSS Score
6.5
EPSS Score
0.001
Published
2017-04-20
MediaWiki 1.27.x before 1.27.1 might allow remote attackers to bypass intended session access restrictions by leveraging a call to the UserGetRights function after Session::getAllowedUserRights.
CVSS Score
7.5
EPSS Score
0.003
Published
2017-04-20
Page 20