CVE-2021-30156

Description

An issue was discovered in MediaWiki before 1.31.12 and 1.32.x through 1.35.x before 1.35.2. Special:Contributions can leak that a "hidden" user exists.

How to fix CVE-2021-30156

To remediate CVE-2021-30156, upgrade the affected package to a fixed version below.

Bitnami/mediawiki—upgrade to 1.31.12 or later

Is CVE-2021-30156 being exploited?

Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

from 0, < 1.31.12, >= 1.32.0, < 1.35.2

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	MEDIUM4.3	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

References (4)

WEBlists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/26UJGHF7LJDOCQN6A3Z4PM7PYRKENJHE/
WEBlists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2OMSV7B2TCFBOCICN3B4SMQP5HVRJQIT/
WEBnvd.nist.gov/vuln/detail/CVE-2021-30156
WEB