155 matches found
CVE-2021-36127
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts which are supposed to be completely...
CVE-2021-36125
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user's current username is beyond an arbitrary maximum configuration value MaxNameChars...
CVE-2021-36128
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented...
CVE-2021-36127
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts which are supposed to be completely...
CVE-2021-36125
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user's current username is beyond an arbitrary maximum configuration value MaxNameChars...
Design/Logic Flaw
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts which are supposed to be completely...
Design/Logic Flaw
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user's current username is beyond an arbitrary maximum configuration value MaxNameChars...
Design/Logic Flaw
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented...
CVE-2021-36127
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts which are supposed to be completely...
CVE-2021-36125
CVE-2021-36125 affects MediaWiki’s CentralAuth extension (up to 1.36). The GlobalRenameRequest page is vulnerable to infinite loops/DoS when a user’s username exceeds a configured max (MaxNameChars). PT-2021-6527 provides concrete fixes: upgrade MediaWiki 1.36.x to 1.36.1 or later (also applies t...
CVE-2021-36125
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user's current username is beyond an arbitrary maximum configuration value MaxNameChars...
CVE-2021-36127
CVE-2021-36127 applies to MediaWiki’s CentralAuth extension (through 1.36). The issue: on Special:GlobalUserRights, search results for a suppressed (blocked) user differed from other users, enabling disclosure of suppressed accounts that should be hidden. Affected components include MediaWiki cor...
CVE-2021-36127
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. The Special:GlobalUserRights page provided search results which, for a suppressed MediaWiki user, were different than for any other user, thus easily disclosing suppressed accounts which are supposed to be completely...
CVE-2021-36128
An issue was discovered in the CentralAuth extension in MediaWiki through 1.36. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented...
CVE-2021-36128
The CVE-2021-36128 entry concerns the MediaWiki CentralAuth extension (up to version 1.36) with autoblocks for CentralAuth-issued suppression blocks not being implemented correctly. This is the concrete detail provided across multiple connected sources. The impact is described in the description ...
MediaWiki 安全漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. MediaWiki 1.36 suffers from a security vulnerability that stems from an issue discovered in the CentralAut...
MediaWiki 授权问题漏洞
MediaWiki is a suite of free and freely available web-based Wiki engines from the MediaWiki Foundation. It can be used to deploy in-house knowledge management and content management systems. A security vulnerability exists in the CentralAuth extension for MediaWiki prior to 1.36, which stems from...
PT-2021-21125 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions prior to 1.36 Description: An issue was discovered in the CentralAuth extension. Autoblocks for CentralAuth-issued suppression blocks are not properly implemented. Recommendations: For MediaWiki versions prior to 1.36,...
PT-2021-21124 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36 Description: An issue was discovered in the CentralAuth extension where the Special:GlobalUserRights page provided different search results for a suppressed MediaWiki user compared to other users, thus easily...
PT-2021-21122 · Mediawiki +1 · Mediawiki +1
Name of the Vulnerable Software and Affected Versions: MediaWiki versions through 1.36 Description: An issue was discovered in the CentralAuth extension. The Special:GlobalRenameRequest page is vulnerable to infinite loops and denial of service attacks when a user's current username is beyond an...