Candidate: CVE-2015-8004
PublicDate: 2015-11-09 18:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8004
 https://phabricator.wikimedia.org/T95589
Description:
 MediaWiki before 1.23.11, 1.24.x before 1.24.4, and 1.25.x before 1.25.3
 does not properly restrict access to revisions, which allows remote
 authenticated users with the viewsuppressed user right to remove revision
 suppressions via a crafted revisiondelete action, which returns a valid a
 change form.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_mediawiki:
upstream_mediawiki: released (1:1.25.5-1)
precise_mediawiki: ignored (reached end-of-life)
precise/esm_mediawiki: DNE (precise was needs-triage)
trusty_mediawiki: ignored (reached end-of-life)
trusty/esm_mediawiki: DNE (trusty was needed)
vivid_mediawiki: ignored (reached end-of-life)
vivid/stable-phone-overlay_mediawiki: DNE
vivid/ubuntu-core_mediawiki: DNE
wily_mediawiki: ignored (reached end-of-life)
xenial_mediawiki: DNE
yakkety_mediawiki: ignored (reached end-of-life)
zesty_mediawiki: ignored (reached end-of-life)
artful_mediawiki: ignored (reached end-of-life)
bionic_mediawiki: not-affected (1:1.27.4-3)
cosmic_mediawiki: not-affected (1:1.31.1-3)
disco_mediawiki: not-affected (1:1.31.1-3)
devel_mediawiki: not-affected (1:1.31.1-3)