[streetfighter64]

Well, admins (or anybody other than the developers / deployment pipeline) having permissions to alter the JS sounds like a significant vulnerability. Maybe it wasn't in the early 2000s, but unencrypted HTTP was also normal then.

[bawolff]

That's a fair point, but keep in mind normal admin is not sufficient. For local users (the account in question wasn't local) you need to be an "interface admin", of which there are only 15 on english wikipedia.

The account in question had "staff" rights which gave him basically all rights on all wikis.

[cesarb]

> For local users (the account in question wasn't local) you need to be an "interface admin", of which there are only 15 on english wikipedia.

It used to be all "admin" accounts, of which there were many more. Restricting it to "interface admin" only is a fairly recent change.

[bawolff]

> Restricting it to "interface admin" only is a fairly recent change.

Its been 8 years!

[LaGrange]

> Well, admins (or anybody other than the developers / deployment pipeline) having permissions to alter the JS sounds like a significant vulnerability.

It's a common feature of CMS'es and "tag management systems." Its presence is a massive PITA to developers even _besides_ the security, but PMs _love them_, in my experience.