Page MenuHomePhabricator

Special:CheckUser can expose suppressed information for log events
Closed, ResolvedPublic2 Estimated Story PointsBUG REPORT


Splitting from T311337. Not setting as a security ticket as the cat is out of the bag.

Log actions stored by CheckUser that are in the logging table (and thus can be suppressed) are not hidden as CheckUser does not store the log ID so that it can look up the revision deletion status. This means that checkusers who do not have the oversight permissions can access oversighted logs.

To do this CheckUser needs to store any associated log ID. This will be done in T324907. Once this has been achieved this can be fixed.

Related Objects

View Standalone Graph
This task is connected to more than 200 other tasks. Only direct parents and subtasks are shown here. Use View Standalone Graph to show more of the graph.

Event Timeline

Dreamy_Jazz merged a task: Restricted Task.
Dreamy_Jazz added a subscriber: Umherirrender.

Change #1018782 had a related patch set uploaded (by Dreamy Jazz; author: Dreamy Jazz):

[mediawiki/extensions/CheckUser@master] Respect log_deleted in Special:CheckUser 'Get actions'

Dreamy_Jazz added a subscriber: mmartorana.

Change #1018782 merged by jenkins-bot:

[mediawiki/extensions/CheckUser@master] Respect log_deleted in Special:CheckUser 'Get actions'

My suggestion for testing this is to suppress a variety of information for log events and then try to see if any of it is shown in Special:CheckUser, in a similar vein to T326867.

dom_walden subscribed.

I suppressed all the log entries on my local wiki and then I did a "Get actions" Special:CheckUser request for a username, IP and temporary user. I could not find any references to suppressed usernames for any log entries.