Impact

Suppression of wiki requests does not work as intended, and always restricts visibility to those with the (createwiki) user right regardless of the settings one sets on a given wiki request.

This may expose information to users who are not supposed to be able to access it.

Patches

https://gist.githubusercontent.com/redbluegreenhat/0da1ebb7185b241ce1ac6ba1e8f0b98d/raw/44c4a229aacc8233808c767a79af9e4fd581ae68/T11993.patch

Workarounds

None

References

https://issue-tracker.miraheze.org/T11993

For more information

If you have any questions or comments about this advisory:

• Open an issue on our issue tracker
• Email us at security{{@}}miraheze.org