Wikimedia MediaWiki CentralAuth Extension Sensitive Information Exposure Vulnerability
Vulnerability
A vulnerability in the Wikimedia Foundation's MediaWiki CentralAuth Extension, affecting versions from master prior to 1.39, allows unauthorized exposure of sensitive information. The extension improperly handles permissions for user block information across wikis, which leads to a resource leak.
Impact
Exploitation of this vulnerability causes a resource leak: user block statuses are reported incorrectly, including suppressed blocks that the requesting user does not have permission to view.
Reproduction
To reproduce this vulnerability, log into a test Wikipedia instance and enable the UserInfoCard (UIC) feature. Then navigate to the 'Special:ListUsers' page and open the UIC icon next to a username that is suppress-blocked on another wiki. In the network tab, observe the response from the 'userinfo' API: it incorrectly includes the suppress block in the 'activeLocalBlocksAllWikis' count, even though the logged-in account lacks the rights to view it.
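The counting flaw described above, as a simplified Python model added here for illustration; it is not CentralAuth's code. The `Block` type, the function names, the sample data and the single `hideuser` rights check are assumptions made for the example.

```python
from dataclasses import dataclass

# Assumption: one right gates visibility of suppressed blocks. "hideuser" is
# used here as the name; the model treats the viewer's rights as a single set.
SUPPRESS_RIGHT = "hideuser"


@dataclass(frozen=True)
class Block:
    wiki: str         # wiki where the block is active
    target: str       # blocked username
    suppressed: bool  # True for a suppress block (hidden from most users)


def count_blocks_unfiltered(blocks, target):
    """Behaviour described in the advisory: every active block is counted,
    so the total reveals suppressed blocks to any viewer."""
    return sum(1 for b in blocks if b.target == target)


def count_blocks_for_viewer(blocks, target, viewer_rights):
    """Hardened form: a suppressed block only counts when the viewer holds
    the right that allows them to see it."""
    can_see_suppressed = SUPPRESS_RIGHT in viewer_rights
    return sum(
        1
        for b in blocks
        if b.target == target and (can_see_suppressed or not b.suppressed)
    )


def leaked_suppressed(blocks, target, viewer_rights):
    """Number of blocks the unfiltered count discloses beyond what the viewer
    is entitled to know. A regression check should assert this is 0."""
    return count_blocks_unfiltered(blocks, target) - count_blocks_for_viewer(
        blocks, target, viewer_rights
    )


# Constructed sample data: one ordinary block and one suppress block on
# another wiki for the same user, plus an unrelated user.
SAMPLE_BLOCKS = [
    Block("enwiki", "ExampleUser", suppressed=False),
    Block("dewiki", "ExampleUser", suppressed=True),
    Block("frwiki", "OtherUser", suppressed=False),
]
```

Even though only a number is returned, a count higher than the blocks the viewer can list is enough to disclose that a suppressed block exists.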
Remediation
Users can update to the latest version of the MediaWiki CentralAuth Extension, where this vulnerability has been addressed.
