Improper access control in MediaWiki - CVE-2024-34505
Published: May 7, 2024
MediaWiki
Detailed vulnerability description
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to temporary account IP reveal does not check the deleted status in the CheckUser extension. A remote attacker can bypass implemented security restrictions and gain unauthorized access to sensitive information.