Nixpkgs security tracker

Login with GitHub

Suggestion detail

Untriaged
Permalink CVE-2025-6589
created 2 months, 3 weeks ago Activity log
  • Created suggestion 2 months, 3 weeks ago
With MultiBlocks enabled and a user who is suppressed via a MultiBlock, a user without 'hideuser' can see the hidden username in the BlockList

Vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/specials/pagers/BlockListPager.Php. This issue affects MediaWiki: >= 1.42.0.

Affected products

MediaWiki
  • ==>= 1.42.0

Matching in nixpkgs

pkgs.mediawiki

Collaborative editing software that runs Wikipedia

Package maintainers