MediaWiki is vulnerable to information disclosure. Unprivileged users are able to obtain confidential information on the hidden status due to an insecure handling of missing hidden users.
lists.debian.org/debian-lts-announce/2020/12/msg00034.html
lists.fedoraproject.org/archives/list/[email protected]/message/STT5Z4A3BCXVH3WIPICWU2FP4IPIMUPC/
lists.wikimedia.org/pipermail/mediawiki-announce/2020-December/000268.html
phabricator.wikimedia.org/T120883
security-tracker.debian.org/tracker/CVE-2020-35480
www.debian.org/security/2020/dsa-4816