An issue was discovered in the CheckUserLog API in the CheckUser extension for MediaWiki through 1.39.3. There is incorrect access control for visibility of hidden users.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Mediawiki | Mediawiki | * | 1.39.3 (including) |
| Mediawiki | Ubuntu | bionic | * |
| Mediawiki | Ubuntu | focal | * |
| Mediawiki | Ubuntu | kinetic | * |
| Mediawiki | Ubuntu | lunar | * |
| Mediawiki | Ubuntu | mantic | * |
| Mediawiki | Ubuntu | oracular | * |
| Mediawiki | Ubuntu | plucky | * |
| Mediawiki | Ubuntu | trusty | * |
| Mediawiki | Ubuntu | xenial | * |