VDB

GCVE-110-MAGEIA-2021-568

GCVE-110-MAGEIA-2021-568
Advisory Published
Vulnetix · Advisory published December 19, 2021
Updated mediawiki packages fix security vulnerabilities: == Security fixes == * (T292763. CVE-2021-44854) REST API incorrectly publicly caches autocomplete search results from private wikis. * (T271037, CVE-2021-44856) Title blocked in AbuseFilter can be created via Special:ChangeContentModel. * (T297322, CVE-2021-44857) Unauthorized users can use action=mcrundo to replace the content of arbitrary pages. * (T297322, CVE-2021-44858) Unauthorized users can view contents of private wikis using various actions. * (T297574, CVE-2021-45038) Unauthorized users can access private wiki contents using rollback action === Extension security fixes === * (T293589, CVE-2021-44855) Blind Stored XSS in VisualEditor media dialog. * (T294686) Special:Nuke doesn't actually delete pages.

Affected Products

VendorProductVersionsPlatforms
Mageiamediawiki0 (affected), 1.35.5-1.mga8 (unaffected)

Browse GCVE Records

72,337 records in the GCVE database · Updated July 14, 2026

No matching records found.

Explore Further

Investigate this vulnerability in the interactive console or download the raw GCVE record.

$ Console Community · 100/wk Open console ›