Arch Linux Security Advisory ASA-201809-5

Severity: Medium
Date : 2018-09-25
CVE-ID : CVE-2018-0503 CVE-2018-0505 CVE-2018-13258
Package : mediawiki
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-765

Summary

The package mediawiki before version 1.31.1-1 is vulnerable to multiple
issues including access restriction bypass and information disclosure.

Resolution

Upgrade to 1.31.1-1.

pacman -Syu “mediawiki>=1.31.1-1”

The problems have been fixed upstream in version 1.31.1.

Workaround

None.

Description

• CVE-2018-0503 (access restriction bypass)

A security issue has been found in the rate limiting feature of
mediawiki < 1.31.1 where, contrary to the documentation, $wgRateLimits
entry for ‘user’ overrides that for ‘newbie’.

• CVE-2018-0505 (access restriction bypass)

A security issue has been found in mediawiki < 1.31.1 where BotPassword
can bypass CentralAuth’s account lock.

• CVE-2018-13258 (information disclosure)

A security issue has been found in mediawiki < 1.31.1 where the tarball
is missing .htaccess files used to protect some directories that
shouldn’t be web accessible.

Impact

A remote attacker is able to bypass access restrictions put in place by
the site administrator and/or gain access to restricted content.

References

https://www.mediawiki.org/wiki/Release_notes/1.31
https://phabricator.wikimedia.org/T169545
https://github.com/wikimedia/mediawiki/commit/befd48c5f7d3d073de96c87375d7380f6187deb6
https://phabricator.wikimedia.org/T194605
https://github.com/wikimedia/mediawiki/commit/ff6b4cb35c1944870fcd3cc525884790c20819b3
https://phabricator.wikimedia.org/T199029
https://github.com/wikimedia/mediawiki/commit/b78d595feecf9de919258b659628ca7dd872b3f4
https://security.archlinux.org/CVE-2018-0503
https://security.archlinux.org/CVE-2018-0505
https://security.archlinux.org/CVE-2018-13258