CVE-2024-47913 Information

Description

An issue was discovered in the AbuseFilter extension for MediaWiki before 1.39.9 1.40.x and 1.41.x before 1.41.3 and 1.42.x before 1.42.2. An API caller can match a filter condition against AbuseFilter logs even if the caller is not authorized to view the log details for the filter.

Reference

https://phabricator.wikimedia.org/T372998 https://gerrit.wikimedia.org/r/c/mediawiki/extensions/AbuseFilter/+/1076855