CVE-2016-6336

Source
https://nvd.nist.gov/vuln/detail/CVE-2016-6336
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2016-6336.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2016-6336
Downstream
Related
Published
2017-04-20T17:59:00Z
Modified
2025-09-19T08:28:57.722162Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N CVSS Calculator
Summary
[none]
Details

MediaWiki before 1.23.15, 1.26.x before 1.26.4, and 1.27.x before 1.27.1 allows remote authenticated users with undelete permissions to bypass intended suppressrevision and deleterevision restrictions and remove the revision deletion status of arbitrary file revisions by using Special:Undelete.

References

Affected packages

Git / github.com/wikimedia/mediawiki

Affected ranges

Type
GIT
Repo
https://github.com/wikimedia/mediawiki
Events

Affected versions

1.*

1.1.0
1.23.0
1.23.0-rc.1
1.23.0-rc.2
1.23.0-rc.3
1.23.0rc0
1.23.1
1.23.10
1.23.11
1.23.12
1.23.13
1.23.14
1.23.2
1.23.3
1.23.4
1.23.5
1.23.6
1.23.7
1.23.8
1.23.9
1.26.0
1.26.1
1.26.2
1.26.3
1.26.4
1.27.0
1.27.0-rc.0
1.27.0-rc.1
1.3.0beta1
1.5.0alpha1
1.5.0alpha2
1.5.0beta1
1.5.0beta2
1.5.0beta3
1.5.0beta4
1.6.0

Other

REL1_26