Abusefilter
Monthly
Sensitive abuse filter configuration data in Wikimedia Foundation's AbuseFilter MediaWiki extension is exposed to authenticated low-privilege users via the QueryAbuseFilters API endpoint (includes/Api/QueryAbuseFilters.php). Authenticated wiki users on affected installations (all versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9) can retrieve private or restricted filter rule details they should not be authorized to access. No active exploitation has been confirmed (not listed in CISA KEV) and no public proof-of-concept exploit is known at time of analysis, but the moderate CVSS 4.0 score of 5.3 reflects real risk to wikis relying on confidential filter logic for abuse prevention.
Information disclosure in Wikimedia Foundation AbuseFilter allows low-privileged authenticated users with user interaction to access limited confidential data through a network vector. The vulnerability affects AbuseFilter versions prior to 1.43.7, 1.44.4, and 1.45.2, with very low CVSS score (2.1) indicating minimal real-world impact but potential for sensitive information leakage in filtered content or filter logic contexts.
An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
Sensitive abuse filter configuration data in Wikimedia Foundation's AbuseFilter MediaWiki extension is exposed to authenticated low-privilege users via the QueryAbuseFilters API endpoint (includes/Api/QueryAbuseFilters.php). Authenticated wiki users on affected installations (all versions before 1.46.0, 1.45.4, 1.44.6, and 1.43.9) can retrieve private or restricted filter rule details they should not be authorized to access. No active exploitation has been confirmed (not listed in CISA KEV) and no public proof-of-concept exploit is known at time of analysis, but the moderate CVSS 4.0 score of 5.3 reflects real risk to wikis relying on confidential filter logic for abuse prevention.
Information disclosure in Wikimedia Foundation AbuseFilter allows low-privileged authenticated users with user interaction to access limited confidential data through a network vector. The vulnerability affects AbuseFilter versions prior to 1.43.7, 1.44.4, and 1.45.2, with very low CVSS score (2.1) indicating minimal real-world impact but potential for sensitive information leakage in filtered content or filter logic contexts.
An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.
An issue was discovered in the AbuseFilter extension through 1.34 for MediaWiki. Rated medium severity (CVSS 5.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Exposure of Sensitive Information vulnerability could allow attackers to access sensitive data that should not be disclosed.