mediawiki/core is vulnerable to authorization bypass. The vulnerability exists as the userCan function in includes/logging/LogEventsList.php
does not properly check the user’s permissions for the action.
CPE | Name | Operator | Version |
---|---|---|---|
mediawiki/core | le | 1.31.1 | |
mediawiki/core | le | 1.32.1 | |
mediawiki/core | le | 1.30.1 | |
mediawiki/core | le | 1.27.5 | |
mediawiki:eoan | eq | 1:1.31.2-1ubuntu1 |