Lucene search

GoogleOSV:BIT-MEDIAWIKI-2023-29141

HistoryMar 06, 2024 - 11:01 a.m.

BIT-mediawiki-2023-29141

2024-03-0611:01:46

Google

osv.dev

mediawiki

auto-block

untrusted x-forwarded-for header

security issue

9.4 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

65.0%

JSON

An issue was discovered in MediaWiki before 1.35.10, 1.36.x through 1.38.x before 1.38.6, and 1.39.x before 1.39.3. An auto-block can occur for an untrusted X-Forwarded-For header.

CPENameOperatorVersion
mediawikige1.36.0
mediawikilt1.35.10
mediawikilt1.38.6
mediawikilt1.39.3
mediawikige1.39.0

Name	Operator	Version
mediawiki	ge	1.36.0
mediawiki	lt	1.35.10
mediawiki	lt	1.38.6
mediawiki	lt	1.39.3
mediawiki	ge	1.39.0

References

gerrit.wikimedia.org/r/plugins/gitiles/mediawiki/core/+/REL1_39/RELEASE-NOTES-1.39

lists.debian.org/debian-lts-announce/2023/08/msg00029.html

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ONWHGOBFD6CQAEGOP5O375XAP2N6RUHT/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZGK4NZPIJ5ET2ANRZOUYPCRIB5I64JR7/

phabricator.wikimedia.org/T285159

www.debian.org/security/2023/dsa-5447