CVE-2021-45038: 
NixOS vulnerability analysis and mitigation

An issue was discovered in MediaWiki before 1.35.5, 1.36.x before 1.36.3, and 1.37.x before 1.37.1, where attackers could view private wiki contents by using an action=rollback query. This vulnerability, identified as CVE-2021-45038, was part of a series of security issues discovered in December 2021 that allowed unauthorized access to private content (Vendor Advisory).

The vulnerability received a CVSS v3.1 Base Score of 5.3 (MEDIUM) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N. The issue specifically involved the rollback feature, where a specially crafted parameter could be passed to action=rollback that allowed an attacker to view the contents of arbitrary pages, regardless of permission settings (NVD, Vendor Advisory).

The vulnerability allowed unauthorized users to bypass access controls and view private wiki contents. This was particularly impactful for private wikis or wikis using access restrictions, as it could expose sensitive or confidential information to unauthorized users (Vendor Advisory).

As an immediate workaround, administrators could disable the vulnerable functionality by adding specific configurations to LocalSettings.php. For private wikis, setting $wgWhitelistRead = []; and $wgWhitelistReadRegexp = []; was recommended. The permanent fix was implemented in MediaWiki versions 1.35.5, 1.36.3, and 1.37.1, where all actions except 'view' now require an explicit 'read' user right (Vendor Advisory).

The vulnerability was discovered and reported by security researcher Dylsss, who was credited for identifying and reporting the issue through MediaWiki's security bug reporting process (Vendor Advisory).